A light weight dynamic attribute based access control module integrated with business rules

User authorization in software systems is and has been a serious security concern for a long time. Attribute based Access Control (ABAC), as a new model of user authorization, makes it possible to restrict user access based on rules against different attributes. In the context of service access control in enterprise systems, it seems necessary to separate business rules from service logic and user authorization mechanism. This paper is an experimental report on the implementation of an ABAC module in which business rules are used to restrict user access to the services. The ever changing nature of the business rules in an enterprise system made a necessity to the proposal of such a light weight dynamic attribute based access control module, in which end user is able to change access policies and business rules in run time. Challenges of building this module are revealed and plausible solutions which have been put in place are reported.