wiki:WikiStart

Version 2 (modified by faber, 8 years ago) (diff)

--

ABAC

The ABAC project has designed and implemented tools for using Attribute-Based Access Control, a scalable authorization system based on formal logic. It maps principals to attributes and uses the attribute to make an authorization decision, e.g., if user1 has the login attribute the login program will alllow them to log in. This library, libabac, is a base on which to build those tools. It is in use in the DETER federation system and being integrated with the GENI network testbed.

If you are new to ABAC, you may find the introductory material from our TIED project helpful. That material summarizes the power and semantics of ABAC and links to examples of ABAC policy illustrated using an early example of the Crudge ABAC policy browser.

The latest ABAC RT0 version is ABAC 0.1.4. Jump down to Source to download it.

What's Included

The core libabac distribution includes:

  • libabac, a linkable C/C++ library
  • Perl and Python bindings to libabac
  • A standalone java implementation
  • creddy, a command line credential management tool

These ABAC tools use libabac

Getting started: Installing libabac

Installing libabac is a straightforward configure, make, make install sequence. There are a few things to be careful of depending on your operating system.

Software Dependencies

Libabac depends on openssl and the xmlsec1 digital signature library. Most unix-like operating systems have openssl installed and have xmlsec1 as a standard package. The perl and python bingings are generated by swig 1.3, and the build system uses automake and some autoconf macros.

To set up Ubuntu for building libabac:

$ sudo apt-get -y install autoconf-archive automake g++ git-core libtool python-dev swig libxmlsec1-dev

Under FreeBSD, use the ports system to install the following packages:

devel/libtool
devel/automake
devel/autoconf-archive
devel/swig13
devel/pkg-config
security/xmlsec1
lang/perl
lang/python

If you plan to build the java implementation on ubuntu you should also

$ apt-get -y install openjdk-7-jdk ant ant-optional

Similarly in FreeBSD install

devel/apache-ant
java/openjdk6

We have seen no differences under the various JDKs.

Installation

Then get the source, untar it, change to the abac-0.1.4 directory and do the standars install sequence:

# Ubuntu users: ./configure --prefix=/usr
$ ./configure
$ make
$ sudo make install

To confirm that your install succeeded:

$ cd examples
$ make

Libabac uses the standard GNU install prefix of /usr/local. If you are on Ububtu or another distribution that does not search /usr/local/lib for shared libraries, make sure you use ./configure --prefix=/usr

Tracking Development

If you would like to track the libabac development, you can pull code from out publically available git repository:

$ git clone git://abac.deterlab.net/abac.git

Current sources can be browsed on the web.

Releases

See the ChangeLog for details about each release

  • 2013-05-XX: ABAC 0.1.4 released
  • 2011-04-11: Crudge 1.0 released
  • 2011-03-30: ABAC 0.1.3 released
  • 2010-10-01: ABAC 0.1.2 released
  • 2010-09-17 2010-09-20: ABAC 0.1.1 released
    • Update: We fixed a one-line bug in creddy. If you downloaded this over the weekend, please fetch it again.

Contacts