Adaptive Access Control is the technical ability to apply different control models to an access transaction based on defined variable conditions.
For example, a service provider may want to use different access control models for the same user according to whether they are requesting access from inside or outside a network firewall.
Adaptive Access Controls are commonly expressed in policies, which define the behaviour of access control systems using formal configuration tools and languages such XCAML. In many cases a dedicated function called the Policy Enforcement Point (PEP) will handle and parse access requests before routing that request to the appropriate authentication and / or authorisation service. Adaptive Access Control is, therefore, of a function of authentication proxy servers.