Modern digital infrastructures require access control systems that protect sensitive data as well as
adapt to evolving contexts and user behaviour. While foundational models like Discretionary
Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control
(RBAC) provide basic enforcement, they lack flexibility, granularity and real-time responsiveness.
Attribute-Based Access Control (ABAC) improves granularity by using attribute-driven policies,
but standard implementations (XACML and NGAC) each have critical limitations. XACML,
though powerful in static policy expression, lacks real-time contextual awareness, while NGAC
offers dynamic evaluation but struggles with policy standardization, over-permissiveness and
transparency. To bridge these gaps, this research proposes DTW-ABAC (Dynamic Trust
Weighted-Attribute Based Access Control), a hybrid framework that combines XACML's
structured policy logic with NGAC's dynamic evaluation capabilities. The framework leverages
Microsoft Entra ID for consistent and secure identity and attribute management, and introduces a
trust scoring system that adjusts user access based on behavioural consistency and historical risk.
Weighted attribute evaluation ensures policy flexibility, while scenario-driven testing and detailed
audit logs increase transparency and accountability. Comparative analysis shows that the hybrid
model delivers more accurate, adaptive, and explainable decisions than standalone XACML or
NGAC, making it a strong candidate for enterprise and cloud-scale deployment where contextual
nuance and high security reliability are essential.
