Use Casbin as the authorization engine for Mosquitto

[hsluoyz]

Hi, I'm from Casbin team. Casbin is a popular authorization library that supports access control models like ACL, RBAC, ABAC for 10+ languages including C/C++. See details at: https://casbin.org/

Actually a user came to me and suggested if we can use Casbin authorization inside Mosquitto: casbin/casbin-cpp#79 , so I think maybe I should post an issue to the community here. I saw your ACL design here: #1779 . The API is similar to what Casbin provides: https://casbin.org/docs/en/management-api and https://casbin.org/docs/en/rbac-api

Related to RBAC, Casbin has several advantages:

1. roles can be cascaded, aka roles can have roles.
2. support resource roles, so users have their roles and resource have their roles too. role = group here.
3. the permission assignments (or policy in casbin's language) can be persisted in files or databases.
4. multiple models like ACL, RBAC, ABAC, RESTful, Allow-Override, Deny-Override, Priority are supported.

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible. Actually Casbin only focuses on authorization and will bring more features to all languages in future. With Casbin, Mosquitto developers can be freed from maintaining the auth code and only focus on the MQ core stuff. Therefore, can we integrate it into Mosquitto?

[ralight]

Thanks for the suggestion, it would certainly be possible to have a Casbin plugin for Mosquitto.