IBAC stands for identity-based access control. In this access control scheme, access to a resource is based on identity of the caller. This is often problematic as when a program acts on behalf of another, access is authorized based on its own identity rather than that of the caller.

See also ABAC.