Which access control model is characterized by making access decisions based on subject, object, and context-sensitive attributes?

The choice of Attribute-Based Access Control (ABAC) is highlighted due to its unique way of determining access permissions by evaluating attributes related to the subject (the user requesting access), the object (the resource being accessed), and contextual factors (such as time, location, or environmental conditions). This model provides a dynamic and fine-grained approach to security, allowing organizations to create complex policies that reflect real-world situations and requirements.

ABAC allows for decision-making that can adapt to various scenarios, accommodating multiple attributes rather than being restricted to a fixed set of roles or permissions. This enhances flexibility and scalability, making it suitable for complex environments where access needs may vary frequently and are influenced by numerous factors.

Unlike other models such as Mandatory Access Control (MAC), which strictly enforces policies based on classification labels, or Discretionary Access Control (DAC), which permits resource owners to dictate permissions broadly, ABAC's context-sensitive nature offers a robust mechanism for managing access based on detailed and situational attributes.