Support casbin as the authorization backend
Casbin is an authorization library that supports models like ACL, RBAC, ABAC.
Related to RBAC, casbin has several advantages:
- roles can be cascaded, aka roles can have roles.
- supports resource roles, so users have their roles and resources have their roles too. Role = group here.
- the permission assignments (or policy in casbin's language) can be persisted in files or database (MySQL and Cassandra).
And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.
I think it's more powerful than the current ACL way, what do you think? Thanks.
this seems interesting. ideally, with backward compatible configuration, but if it's compelling enough, we can consider full replacement and cutting a v2. as always, providing implementation will speed up adoption :) absent that, you will need to wait until i have spare cycles, of which i have very few (this is essentially a side project for me).
Hi @rojer,
Thanks for your reply! I have made a PR about adding Casbin authz way: https://github.com/cesanta/docker_auth/pull/182
The original auth way like ACL is a little complicated, like the label. I don't know if I understand it correctly, please advise.
And I have also added the test. In the test I demonstrated the usage of RBAC and admin. So a user can inherit the permissions from a role, and the admin user will have all the permissions to do anything. These show the flexibility of Casbin.
Let me know if there are any questions :)
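Added example, not part of the thread or of the pull request: a self-contained Go program showing the behaviours discussed above, namely cascaded roles, resource roles (groups of resources) and an admin role that is allowed everything, with deny by default. It does not use the Casbin library; the type and function names, the `admin` role name and the sample users and repositories are assumptions made for illustration.

```go
package main

import "fmt"

// Grants maps a member (user, role or resource) to the roles/groups it belongs to.
type Grants map[string][]string

// Rule lets a subject role perform an action on a resource group.
type Rule struct{ Sub, Obj, Act string }

// reach reports whether name is target or inherits it; seen stops cycles (a -> b -> a).
func reach(g Grants, name, target string, seen map[string]bool) bool {
	if name == target || seen[name] {
		return name == target
	}
	seen[name] = true
	for _, parent := range g[name] {
		if reach(g, parent, target, seen) {
			return true
		}
	}
	return false
}

// Enforce denies by default. A subject that inherits "admin" is always allowed;
// otherwise a rule must match the action, the subject's roles and the resource's groups.
func Enforce(users, resources Grants, rules []Rule, sub, obj, act string) bool {
	if reach(users, sub, "admin", map[string]bool{}) {
		return true
	}
	for _, r := range rules {
		if r.Act == act && reach(users, sub, r.Sub, map[string]bool{}) && reach(resources, obj, r.Obj, map[string]bool{}) {
			return true
		}
	}
	return false
}

// Constructed sample data (hypothetical names, not taken from the pull request).
var (
	userRoles = Grants{"alice": {"dev"}, "dev": {"reader"}, "root": {"admin"}, "loopA": {"loopB"}, "loopB": {"loopA"}}
	resGroups = Grants{"team/app": {"team-repos"}}
	rules     = []Rule{{"reader", "team-repos", "pull"}, {"dev", "team-repos", "push"}}
)

func main() {
	fmt.Println(Enforce(userRoles, resGroups, rules, "alice", "team/app", "pull")) // alice -> dev -> reader
	fmt.Println(Enforce(userRoles, resGroups, rules, "bob", "team/app", "pull"))   // bob has no roles
}
```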