Support Casbin as the authorization backend #12

Closed
hsluoyz opened this issue Jul 29, 2017 · 3 comments
hsluoyz commented Jul 29, 2017

Hi, Casbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, Casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. support resource roles, so users have their roles and resources have their roles too. role = group here.
  3. the permission assignments (or policy in Casbin's language) can be persisted in files or database (Gorm or Xorm or any popular DBs).

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

Casbin can provide more flexibility and security than the current level-based access control. Let me know if there are any questions :) Thanks.
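
The first two points in the comment above (roles that have roles, and resources that have their own roles), as an added example that is not part of the original comment and is not Casbin's code or API: a stand-alone Go program that resolves both role chains and denies by default. The names `Rule`, `Links`, `Reaches` and `Enforce` and the sample policy are constructed for illustration.

```go
package main

import "fmt"

// Rule grants act on obj to sub; sub and obj may be role or group names.
type Rule struct{ Sub, Obj, Act string }

// Links maps a name to the roles (or resource groups) it directly belongs to.
type Links map[string][]string

// Reaches reports whether name is target or inherits it through any chain of
// links. seen stops a cyclic role graph from recursing forever.
func (l Links) Reaches(name, target string, seen map[string]bool) bool {
	if name == target {
		return true
	}
	if seen[name] {
		return false
	}
	seen[name] = true
	for _, parent := range l[name] {
		if l.Reaches(parent, target, seen) {
			return true
		}
	}
	return false
}

// Enforce is default-deny: a request passes only if some rule matches the
// action, the subject's role chain and the object's resource-role chain.
func Enforce(rules []Rule, users, resources Links, sub, obj, act string) bool {
	for _, p := range rules {
		if act == p.Act && users.Reaches(sub, p.Sub, map[string]bool{}) &&
			resources.Reaches(obj, p.Obj, map[string]bool{}) {
			return true
		}
	}
	return false
}

// Constructed sample policy (assumption, not from the page). The
// admin <-> moderator cycle is deliberate, to exercise the seen guard.
var (
	rules     = []Rule{{"admin", "all_data", "write"}, {"member", "public_data", "read"}}
	users     = Links{"alice": {"moderator"}, "moderator": {"admin"}, "admin": {"moderator"}, "bob": {"member"}}
	resources = Links{"data1": {"public_data"}, "public_data": {"all_data"}, "data2": {"all_data"}}
)

func main() {
	fmt.Println(Enforce(rules, users, resources, "alice", "data1", "write")) // true
	fmt.Println(Enforce(rules, users, resources, "bob", "data2", "read"))    // false
}
```

Note that alice's inherited admin role does not grant `read` on `data1`: no rule gives admin that action, so the request falls through to the default deny.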

Contributor

or-else commented Jul 30, 2017

Hi Yang,

Thanks for the suggestion.

I agree that Tinode's current authentication model is quite basic. On the other hand it seems to be good enough for the supported use cases. Access control is not something that I see as a significant gap right now.

Can you elaborate how Tinode would benefit from integration of Casbin?

What new use cases would be enabled?

Would you consider submitting a pull request?

Thanks!

Author

hsluoyz commented Jul 30, 2017

The benefit is that you don't need to maintain the permission checking code any more. You only need to maintain the Casbin model and policies. So the task is simplified.

About new use cases, you can perform access control in all granularities with Casbin. For example, the user can specify the policy rules too under the grammar of Casbin policy. So the access control customization is enabled for the users.

Contributor

or-else commented Jul 30, 2017

I think your suggestion would make a lot of sense at the onset of the project. It does not look like it offers a lot of benefits now but would require substantial refactoring. Cost-benefit does not support it at this stage. I'm going to close the ticket. Thanks!
