Use casbin as a storage backend
Closed this issue · 2 comments
Hi mikespook, I'm Yang Luo, the author of casbin. It is an authorization library that supports models like MAC, RBAC, ABAC.
I'm lucky to find the gorbac project when searching authorization in Go:) Compared to gorbac, casbin is more low-level and doesn't provide a friendly RBAC interface as gorbac. But it provides permission storage via file, DB. And I found that currently gorbac's persistence is still not perfect. So what do you think of using casbin as a storage backend for gorbac? Of course it's better if you want to use it as the enforcement engine too. Looking forward to your reply.
Hi Yang,
Thank you for the suggestion. I did some rough research about casbin. It's a good idea to have some abstract descriptions file to model the privileges stuffs.
However, I think we have the different concept about the libraries. I've explained some ideas in the post you can check. Thus goRBAC won't have any persistence functions, unless the users have to implement their own one. On the other hand, casbin can be considered as a full-functional middleware, isn't it?
BTW, I saw you wrote the rbac manager in casbin. I think it has the similar scope to goRBAC. What if we replace the RBAC manager by using goRBAC? It seems a more practical way for supplying a user-friendly API.
Anyway, I'm open my mind to discuss further. Hoping we can make two projects working together.
Cheers,
However, I think we have the different concept about the libraries. I've explained some ideas in the post you can check. Thus goRBAC won't have any persistence functions, unless the users have to implement their own one. On the other hand, casbin can be considered as a full-functional middleware, isn't it?
Well, some users indeed don't want persistence but there are still someone do. However I understand that you want to keep it light-weight.
BTW, I saw you wrote the rbac manager in casbin. I think it has the similar scope to goRBAC. What if we replace the RBAC manager by using goRBAC? It seems a more practical way for supplying a user-friendly API.
Yeah. Because RBAC is one of casbin's supported models. goRBAC can detect some errors like InherCircle which is a good function and provides more friendly API, which makes it at a higher layer (closer to user) than casbin. However, I also can't give up the current primitive API because non-RBAC users will need to use it. Or it makes no difference with gorbac, except that it has a persistence way.