hi all,

I posted this earlier:

are there any RBAC (role based access control) efforts in rails? code to support? external, open source project(s)? etc?

any help much appreciated, if none exists we'll build it and anyone who wants to help is welcome :)

_alex

--
alex black, founder
the turing studio, inc.

510.666.0074
root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
http://www.turingstudio.com

2600 10th street, suite 635
berkeley, ca 94710

Alex-

I'm not sure anything exists. I think if you look in the archives, there is some discussion of ACL-style security, but I'm not sure that there is anything available for even that approach -- maybe some example code, ideas that have been bounced around, but probably not a complete system.

I'd be interested in this sort of system. I'm working on a project that could eventually benefit from some sort of role-based access control, but I really haven't done anything with designing this sort of system, so it's not something I've concerned myself with too much at this stage of development.

I guess what I'm saying is that I'm guessing you'll be starting mostly from scratch, but I'm sure you will find folks (like me) who'd be willing to contribute where possible.

Cheers,
Ben

On 4/18/05, alex black <enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org> wrote:
> hi all,
>
> I posted this earlier:
>
> are there any RBAC (role based access control) efforts in rails? code
> to support? external, open source project(s)? etc?
>
> any help much appreciated, if none exists we'll build it and anyone who
> wants to help is welcome :)
>
> _alex
>
> --
> alex black, founder
> the turing studio, inc.
>
> 510.666.0074
> root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org
> http://www.turingstudio.com
>
> 2600 10th street, suite 635
> berkeley, ca 94710

> I'm not sure anything exists. I think if you look in the archives,
> there is some discussion of ACL-style security, but I'm not sure that
> there is anything available for even that approach -- maybe some
> example code, ideas that have been bounced around, but probably not a
> complete system.

http://wiki.rubyonrails.com/rails/show/ACLController

Seems like an excellent start.

It effectively controls URIs (which is what we did in bc as the base) through controller methods, that's excellent.

We have:

-policy
  -allow (uri | entity (AR method is equiv) | file )
-role
  -policy
  -policy

(so you could assemble roles easily from policies included with an application)

in binarycloud.

Pretty simple, normal RBAC system - I think magical authorization is a VERY bad idea (tm). So simple = secure = good = reliable.

> I'd be interested in this sort of system. I'm working
> on a project that could eventually benefit from some sort of
> role-based access control, but I really haven't done anything with
> designing this sort of system, so it's not something I've concerned
> myself with too much at this stage of development.

I've designed big nasty ones and small simple ones. I like small simple ones that allow you to

-declare 'things' that can be authorized (uris, files, methods)
-declare named lists of 'things which are allowed' (policies)
-declare named roles which are just a set of policies

it works very well, is very simple, and very flexible - useful in teensy projects and massive ones.

> I guess what I'm saying is that I'm guessing you'll be starting mostly
> from scratch, but I'm sure you will find folks (like me) who'd be
> willing to contribute where possible.

okee, we're in the middle of a proj on rails and will ping back when we have something useful with acl... which I suspect will be all we touch for the moment :)

_a

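
The things / policies / roles model described in the message above, as an added Ruby sketch; it is not part of the thread and is not binarycloud or Rails code. The class name Rbac, its method names, and the sample URIs, file path and method name are assumptions made up for illustration; exact matching with deny-by-default is one reading of "simple", chosen here so nothing is authorized implicitly.

```ruby
require 'set'

# Added sketch (hypothetical names): things -> policies -> roles.
class Rbac
  KINDS = %i[uri file method].freeze

  def initialize
    @policies = {}   # policy name => Set of [kind, thing] pairs
    @roles    = {}   # role name   => Array of policy names
  end

  # A policy is a named list of things that are allowed.
  def policy(name, allows)
    pairs = allows.flat_map do |kind, things|
      raise ArgumentError, "unknown kind #{kind}" unless KINDS.include?(kind)
      Array(things).map { |t| [kind, t.to_s] }
    end
    @policies[name] = Set.new(pairs).freeze
  end

  # A role is just a set of policies. A misspelled policy name fails here,
  # at declaration time, rather than producing a role with unclear rights.
  def role(name, *policy_names)
    missing = policy_names - @policies.keys
    raise ArgumentError, "undeclared policies: #{missing.inspect}" unless missing.empty?
    @roles[name] = policy_names.freeze
  end

  # Deny by default: only an exact, explicitly declared [kind, thing] pair
  # reachable through one of the given roles is allowed. No wildcards.
  def allowed?(role_names, kind, thing)
    Array(role_names).any? do |r|
      @roles.fetch(r, []).any? { |p| @policies[p].include?([kind, thing.to_s]) }
    end
  end
end

# Constructed sample declarations.
def sample_rbac
  rbac = Rbac.new
  rbac.policy :read_articles, uri: ['/articles/list', '/articles/show']
  rbac.policy :edit_articles, uri: ['/articles/edit'], method: 'Article#save'
  rbac.policy :view_reports,  file: '/var/reports/monthly.pdf'
  rbac.role :reader, :read_articles
  rbac.role :editor, :read_articles, :edit_articles
  rbac
end
```

An unknown role, an undeclared thing, or a near-miss string such as a trailing slash all fall through to a denial, which is the behaviour to check first when wiring a table like this into a controller filter.
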
This was posted on the Wiki a couple of days ago:

http://wiki.rubyonrails.com/rails/show/LoginGeneratorAccessControlList

jim

On Mon, 2005-04-18 at 12:33 -0700, alex black wrote:
> > I'm not sure anything exists. I think if you look in the archives,
> > there is some discussion of ACL-style security, but I'm not sure that
> > there is anything available for even that approach -- maybe some
> > example code, ideas that have been bounced around, but probably not a
> > complete system.
>
> http://wiki.rubyonrails.com/rails/show/ACLController
>
> Seems like an excellent start.
>
> It effectively controls URIs (which is what we did in bc as the base)
> through controller methods, that's excellent.
>
> We have:
>
> -policy
> -allow (uri | entity (AR method is equiv) | file )
> -role
> -policy
> -policy
>
> (so you could assemble roles easily from policies included with an
> application)
>
> in binarycloud.
>
> Pretty simple, normal RBAC system - I think magical authorization is a
> VERY bad idea (tm). So simple = secure = good = reliable.
>
> > I'd be interested in this sort of system. I'm working
> > on a project that could eventually benefit from some sort of
> > role-based access control, but I really haven't done anything with
> > designing this sort of system, so it's not something I've concerned
> > myself with too much at this stage of development.
>
> I've designed big nasty ones and small simple ones. I like small simple
> ones that allow you to
>
> -declare 'things' that can be authorized (uris, files, methods)
> -declare named lists of 'things which are allowed' (policies)
> -declare named roles which are just a set of policies
>
> it works very well, is very simple, and very flexible - useful in
> teensy projects and massive ones.
>
> > I guess what I'm saying is that I'm guessing you'll be starting mostly
> > from scratch, but I'm sure you will find folks (like me) who'd be
> > willing to contribute where possible.
>
> okee, we're in the middle of a proj on rails and will ping back when we
> have something useful with acl... which I suspect will be all we touch
> for the moment :)
>
> _a

--
jim <jim-rhf1kIDhBaeB8E1WFlbJj6xOck334EZe@public.gmane.org>