Casbin-Ruby: an authorization library supporting distributed role-based access control (RBAC)

eTradeWire News/10703664
Our Ruby implementation of Casbin took about a month to develop, and by using tests from existing implementations in different languages, we started with a deep base of test coverage.

SAN FRANCISCO - eTradeWire -- Our KFC project employs a microservice architecture, with components written in various languages and runtime environments, such as .NET, Ruby, and Go. Many of these components need to be able to make decisions based upon the authorization status of a user: who are they, what roles do they belong to, what actions are they able to perform, and to what?

We needed a consistent way to use role-based access control between multiple independent languages, and we also needed a way to manage the permissions and access control lists (ACLs). We discovered Casbin, an authorization library that was implemented in a variety of different languages. But there was one snag: we needed a Ruby implementation, and Casbin had not yet been ported to Ruby. So, we decided to do it ourselves, and the result is Casbin-Ruby. Read more about the Casbin-Ruby open-source project.

More on eTradeWire News
How does it work?

At its simplest, each microservice has access to two files, which are distributed across the system. The first contains a list of the users, groups, roles, and so on — in other words, it defines the authorization principles. The second contains the mappings between the principals: in effect, it is an amalgamation of all of the access control lists used by the system.

This provides the solution for the very core of our challenge: decentralization (or distributed) management of users, roles, and what they can do.

Media Contact
44 Tehama St, San Francisco, CA 94105

Filed Under: Open source

Show All News | Report Violation


Latest on eTradeWire News