Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add inline policy capabilities to authorization #22

Open
ruiconti opened this issue Apr 23, 2021 · 0 comments
Open

Add inline policy capabilities to authorization #22

ruiconti opened this issue Apr 23, 2021 · 0 comments
Labels
core Common and core functionality. design change A change that involves a change of current software design. Orthogonal to a refactor refactor Change implementation details but keep functionality stale.
Milestone
Going Public

Comments

@ruiconti
Copy link
Contributor

Proposal

With a discussion with @rafamelos for an internal project, we came to realize that we'd fall in the common trap of RBAC systems that the number of roles and policies would increase exponentially as the number of user and resources increases.

And the root of this problem lies, primarily for this context, in having too many fine-grained role-policies associations.

Solution

A first thought solution would be to implement inline-policies. As a legal direct relationship between user and a policy. With that in mind, changes are bound to happen at

  • Authorization base classes
  • Access interfaces to enable inline-policy management

One benefit from current implementation is that authorization flow would remain unchanged. Meaning that no need to alter how permissions are checked.
@ruiconti ruiconti added refactor Change implementation details but keep functionality stale. design change A change that involves a change of current software design. Orthogonal to a refactor core Common and core functionality. labels Apr 23, 2021
@ruiconti ruiconti added this to the Going Public milestone Apr 23, 2021
@ruiconti ruiconti mentioned this issue Apr 23, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
core Common and core functionality. design change A change that involves a change of current software design. Orthogonal to a refactor refactor Change implementation details but keep functionality stale.
Projects
None yet
Milestone
Going Public
Development

No branches or pull requests
1 participant
@ruiconti