attribute based access control

Question

attribute based access control

chicco785 opened this issue 3 years ago · 2 comments

Is your feature request related to a problem? Please describe.

Currently, by implementing the WAC standard profile,
anubis supports only RBAC. While not formalized, the specs discuss the possibility to use ODRL to express obligations required to be met by agents prior to accessing a resource cf. authorization-extensions section in WAC spec

We could define the extension as

    oc-acl:constraint     a rdf:Property;
         :comment "The information resource to which access is being granted.";
         :domain acl:Authorization;
         :label "Has Constraint"@en;
	rdfs:range [
		a owl:Class ;
		owl:unionOf ( odrl:Constraint odrl:LogicalConstraint ) ;
	] .

to allow acl rules to have constraints.

oc-acl:constraint [
                odrl:leftOperand ? ;
                odrl:operator odrl:isA ;
                odrl:rightOperand ?
              ]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Answer 1 · 2022-06-09T10:48:26.000Z

the language is documented in https://github.com/orchestracities/anubis-vocabulary

Answer 2 · 2022-06-09T10:49:25.000Z

we need to decide in a next release how to implement this in the backend