vmware-archive/admiral

Support jCasbin as the authorization backend

veotax opened this issue · 2 comments

jCasbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. support resource roles, so users have their roles and resources have their roles too. role = group here.
  3. the permission assignments (or policy in casbin's language) can be persisted in files or database.
  4. multiple models like ACL, BLP, RBAC, ABAC, RESTful are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible. BTW, https://github.com/vmware/dispatch already uses Golang's Casbin. And jCasbin keeps exactly the same API and advantages as Golang Casbin.

I saw there's an RBAC need for this project, and I think jCasbin is a good choice. What do you think? Thanks.
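
Added example, not part of the original issue and not jCasbin, Casbin or Admiral code: a small Python evaluator for points 1 to 3 in the list above, with cascaded roles (`g`), resource roles (`g2`) and a policy kept as CSV text. The policy contents, the subject and resource names, and the helpers `load_policy`, `has_role` and `enforce` are assumptions made for illustration; the matcher has the form `g(r.sub, p.sub) && g2(r.obj, p.obj) && r.act == p.act`.

```python
# Constructed sample policy in a Casbin-style CSV layout: "p" lines grant a
# permission, "g" lines map user/role -> role, "g2" lines map resource ->
# resource role (group). Every name below is invented for this example.
POLICY_CSV = """\
p, auditor, container_group, read
p, operator, container_group, restart
p, admin, host_group, write
g, alice, admin
g, admin, operator
g, operator, auditor
g, bob, auditor
g2, container_1, container_group
g2, host_1, host_group
"""

def load_policy(text):
    """Split policy lines into permission rules and the two role graphs."""
    perms, graphs = [], {"g": {}, "g2": {}}
    for line in text.splitlines():
        kind, *fields = [f.strip() for f in line.split(",")]
        if kind == "p":
            perms.append(tuple(fields))
        elif kind in graphs:
            graphs[kind].setdefault(fields[0], set()).add(fields[1])
    return perms, graphs

def has_role(graph, name, role):
    """True if name == role or role is reachable through cascaded roles."""
    seen, stack = set(), [name]
    while stack:
        cur = stack.pop()
        if cur == role:
            return True
        if cur not in seen:          # guards against cyclic role assignments
            seen.add(cur)
            stack.extend(graph.get(cur, ()))
    return False

def enforce(policy, sub, obj, act):
    """Default deny; allow when any "p" rule matches subject role,
    resource role and action together."""
    perms, graphs = policy
    return any(has_role(graphs["g"], sub, p_sub)
               and has_role(graphs["g2"], obj, p_obj)
               and act == p_act
               for p_sub, p_obj, p_act in perms)

POLICY = load_policy(POLICY_CSV)
```

Because `admin` inherits `operator` and `operator` inherits `auditor`, `alice` picks up every permission down the chain, which is the effect to review when auditing cascaded role assignments for unintended privilege.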

Admiral's authorization model is tightly coupled to Xenon's model, see https://github.com/vmware/xenon/wiki/Authentication-and-Authorization-Design. BTW, Xenon (https://github.com/vmware/xenon) is the framework that Admiral is currently based on.
jCasbin seems an interesting project and we (or the Xenon project itself) may have it in mind in the future, but for now our requirements and use cases are covered with the current authorization model implementation.
Thanks!

Thanks for the information!