What is Policy-Based Access Control?
TL;DR; Policy-based access control (PBAC) and attribute-based access control (ABAC) are exactly the same thing. They enable fine-grained access control or authorization. Lately, customers have been asking me about the difference between externalized authorization, attribute-based access control (ABAC), and policy-based access control (PBAC). These are in fact all different ways of describing roughly the same thing: a better approach to tackling fine-grained authorization challenges in a way that is technology-neutral, i.e. that can be reused for APIs, data, and more. Both ALFA, the abbreviated language for authorization, and XACML are the OASIS standard implementations for ABAC.