Chin, others —
Let me also introduce Ted Faber <faber@isi.edu>, who has led much of the implementation and integration work using ABAC within the DETER and GENI-sponsored “TIED” project.
http://abac.deterlab.net is our wiki. From there, you can find links to some introductory material under the GENI TIED project page, as well as pointers to the latest software release.
There are many slides and papers on ABAC, going back to the work of Li, Mitchell and Will Winsborough. Basically, Will Winsborough was working in my lab at McAfee Research (later sold to SPARTA), when he collaborated with Li and Mitchell at Stanford on a DARPA project that defined and implemented the formal authorization semantics in the first ABAC prototype. The TIED project later re-wrote that prototype into a stand-alone library with bindings in C, Java, Python and Perl.
Jeff Chase at Duke, another collaborator on this thrust of work, wrote up a nice summary note that might be an excellent starting point. We can bury you in paper all too easily, and I don’t want to do that. ABAC is a really simple idea, translated into working software, that can be a great starting point for many distributed authorization systems. We’d like to pursue its use across several of the emerging nationally funded research network infrastructures.
—Steve