Computing Reviews

Attribute-based access control
Hu V., Ferraiolo D., Chandramouli R., Kuhn D., Artech House, Inc., Norwood, MA, 2017. 280 pp. Type: Book
Date Reviewed: 07/20/18

Due to the increasing distribution and complexity of current applications, attribute-based access control (ABAC) is slowly becoming the only way to control access. This monograph summarizes the accumulated knowledge on this important subject and has a rather practical orientation, simplifying or omitting most theoretical aspects. Overall, the treatment is clear and conveys the important ideas behind ABAC. Relating ABAC to Extensible Access Control Markup Language (XACML) and next generation access control (NGAC), two industry standards, provides a good application path for the theoretical concepts of ABAC. Chapters on testing, deployment, and life cycle provide useful practical guidelines to implement the abstract models.

However, the use of block diagrams to show the dynamic aspects of these models was a poor decision. Regretfully, this is a common trend in National Institute of Standards and Technology (NIST) publications. Developers and researchers (the main audience) can read unified modeling language (UML) models. Using UML class and sequence diagrams, as done in [1], would have made these models more precise and easier to implement. Considering the book’s practical orientation, the lack of security patterns to describe the models is also notable (see [1,2]). Patterns can make the application of security concepts significantly easier for people who are not security experts.

Most of the references are to NIST works, which reduces the book’s research value. For example, the Association for Computing Machinery (ACM) recently held its 3rd Workshop on Attribute Based Access Control; this is an important source for researchers, but it is ignored here. Furthermore, the book does not provide any conclusions or future perspectives.

In summary, the book contains a good amount of useful information, but it is neither up to date nor precise enough to be really helpful to researchers. The use of UML and patterns would have made this work more accessible to practitioners.


[1] Fernandez-Buglioni, E. Security patterns in practice: designing secure architectures using software patterns. Wiley, Hoboken, NJ, 2013.

[2] Priebe, T.; Fernandez, E. B.; Mehlau, J. I.; Pernul, G. A pattern system for access control. In: Research directions in data and applications security XVIII. 235-249, Kluwer Academic Publishers, Norwell, MA, 2004.

Reviewer: E. B. Fernandez
Review #: CR146164 (1810-0529)

Reproduction in whole or in part without permission is prohibited.   Copyright 2024 ComputingReviews.com™