...
Medical events Access policy can be found here
General Concept design
- ABAC is an independent microservice
- It is responsible for granting access to resources based on the attributes of any business entity that is requesting access.
- The service will not support UI editing of rules
- The service should provide an RPC interface (or similar), as the service must not spend additional computation time on encoding/decoding and networking
- The service must store its audit log in files, recording two main events: "Successful access grants", "Access rejects".
- The service must cache data for resources, with the cache lifetime set per resource set
- ABAC is an additional level of authorization on top of the regular scope-based access model.
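The decision flow these points describe, as an added sketch that is not the service's own code: the scope check runs first, the attribute check second, resource data is cached with a lifetime per resource set, and every decision is written to the audit file as a grant or a reject. The resource set names, the TTL values, the `set:action` scope format, the attribute names `legal_entity_id` and `managing_organization`, and the `fetch_resource` loader are all assumptions made for illustration.

```python
import json
import time

# Assumed cache lifetimes in seconds, one per resource set (constructed values).
CACHE_TTL = {"episode": 60, "encounter": 10}

class AbacService:
    def __init__(self, fetch_resource, audit_file, clock=time.monotonic):
        self.fetch = fetch_resource  # hypothetical loader: (set, id) -> attribute dict
        self.audit = audit_file      # file-like object opened for appending
        self.clock = clock
        self.cache = {}              # (set, id) -> (expires_at, attributes)

    def _resource(self, rset, rid):
        hit = self.cache.get((rset, rid))
        if hit and hit[0] > self.clock():
            return hit[1]
        attrs = self.fetch(rset, rid)
        # A resource set without a configured TTL gets 0, so it is never served stale.
        self.cache[(rset, rid)] = (self.clock() + CACHE_TTL.get(rset, 0), attrs)
        return attrs

    def authorize(self, subject, scopes, action, rset, rid):
        required = f"{rset}:{action}"
        # Layer 1: the regular scope-based model. No resource lookup on failure.
        if required not in scopes:
            return self._log("access_reject", subject, required, rid, "missing_scope")
        # Layer 2: ABAC. Assumed rule: the subject's organisation manages the resource.
        res = self._resource(rset, rid)
        if subject.get("legal_entity_id") != res.get("managing_organization"):
            return self._log("access_reject", subject, required, rid, "attribute_mismatch")
        return self._log("access_grant", subject, required, rid, "ok")

    def _log(self, event, subject, scope, rid, reason):
        # One JSON line per decision; both grants and rejects are recorded.
        record = {"ts": time.time(), "event": event, "subject": subject.get("id"),
                  "scope": scope, "resource_id": rid, "reason": reason}
        self.audit.write(json.dumps(record) + "\n")
        return event == "access_grant"
```

Because the cached attributes feed the access decision, the lifetime chosen for a resource set is also the longest time a revoked relationship can keep granting access.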
...