light-4j

Add fine-grained authorization along with JWT and scope

Open stevehu opened this issue 8 years ago • 5 comments

Need to implement a generic structure to handle Role-based, Rule-based and Attribute-based authorization in the framework. The real implementation or entitlement mapping will be left to customization.

stevehu avatar May 04 '17 15:05 stevehu

This feature is really cool, when will we have it, @stevehu?

lanphan avatar Feb 22 '19 03:02 lanphan

One of the customers is building it internally, as fine-grained auth must be in the business context. They are trying to leverage light-rule, which is a rule engine based on Kotlin DSL. At this moment, I don't have any time to focus on it, but I would like to provide an open source reference implementation if possible and an enterprise edition for most industries. Let me know if you are interested in working together.

stevehu avatar Feb 22 '19 03:02 stevehu

@stevehu I'm interested in the open source implementation and the enterprise edition, thanks.

lanphan avatar Feb 22 '19 16:02 lanphan

A banking customer has implemented it within its business context. I am still trying to figure out how to implement a list of generic middleware handlers with user-defined rules. As fine-grained authorization happens within the business context, it is very hard to draw the line between open-source implementation and industry-specific requirements.

stevehu avatar Aug 08 '19 14:08 stevehu

My client is doing it in 2 handlers:

  1. establishes a security role, based on tamper-proof claims in the JWT handler
  2. performs FGA based on the security role.

The intention is to move the decision to light-rule.

ddobrin avatar Sep 03 '19 17:09 ddobrin
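
Added example, not part of the thread and not light-4j or light-rule code: a plain-Java sketch of the two-handler split described in the comment above, where stage 1 derives a security role only from already-verified JWT claims and stage 2 makes a deny-by-default decision on that role. The class, the `groups` claim, the role names and the rule table are all hypothetical, and signature and expiry verification of the token is assumed to have happened in an earlier handler.

```java
import java.util.*;

// Added illustration; every name here is hypothetical.
public class TwoStageAuthz {
    // Context passed along the handler chain. Claims are assumed to come from a
    // JWT whose signature and expiry an earlier handler has already verified.
    static final class Exchange {
        final Map<String, Object> claims;
        final String endpoint;   // method plus matched route template, set by the router
        String role;             // written by stage 1 only
        Exchange(Map<String, Object> claims, String endpoint) {
            this.claims = claims; this.endpoint = endpoint;
        }
    }

    // Stage 1: map verified claims to a single security role. Headers, query
    // parameters and the request body never feed this decision.
    static void establishRole(Exchange ex) {
        Object groups = ex.claims.get("groups");   // constructed claim name
        List<?> g = groups instanceof List ? (List<?>) groups : List.of();
        if (g.contains("bank-managers")) ex.role = "manager";
        else if (g.contains("bank-tellers")) ex.role = "teller";
        else ex.role = null;                       // unknown caller: stage 2 denies
    }

    // Stage 2 rule table (constructed): role -> endpoints it may call. Matching on
    // the route template avoids prefix tricks with the raw request path.
    static final Map<String, Set<String>> RULES = Map.of(
        "teller",  Set.of("GET /accounts/{id}"),
        "manager", Set.of("GET /accounts/{id}", "POST /accounts/{id}/limit"));

    // Stage 2: deny by default; allow only on an explicit rule for the role.
    static boolean authorize(Exchange ex) {
        if (ex.role == null) return false;
        return RULES.getOrDefault(ex.role, Set.of()).contains(ex.endpoint);
    }

    static boolean handle(Map<String, Object> claims, String endpoint) {
        Exchange ex = new Exchange(claims, endpoint);
        establishRole(ex);
        return authorize(ex);
    }

    public static void main(String[] args) {
        Map<String, Object> teller = Map.of("sub", "u1", "groups", List.of("bank-tellers"));
        System.out.println(handle(teller, "GET /accounts/{id}"));         // teller reading an account
        System.out.println(handle(teller, "POST /accounts/{id}/limit"));  // teller changing a limit
        System.out.println(handle(Map.of("sub", "u2"), "GET /accounts/{id}")); // no group claim
    }
}
```

Keeping the rule table as data is what makes it possible to move the stage 2 decision into an external rule engine later without touching stage 1.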

This has been done with yaml-rule and https://github.com/networknt/light-rest-4j/tree/master/access-control

stevehu avatar Dec 14 '22 18:12 stevehu