The Abacus: A New Architecture for Policy-based Authorization

Modern authorization architectures using role-based, policy-based, and even custom solutions have numerous flaws and challenges. A new design for authorization architecture is presented called the Abacus. This paper discusses the architecture that the Abacus utilizes to overcome the issues inherent in other proprietary and open-source authorization solutions. Specifically, the Abacus respects domain boundaries, is less complex than existing systems, and does not require direct connections to domain data stores