apache / incubator-teaclave

Apache Teaclave (incubating) is an open source universal secure computing platform, making computation on privacy-sensitive data safe and simple.
https://teaclave.apache.org
Apache License 2.0

Switch the access control service to official Casbin-RS #265

Open veotax opened 4 years ago

veotax commented 4 years ago

I saw we built a custom access control service here: https://github.com/apache/incubator-teaclave/pull/64 . I found it is actually re-implementing something like Casbin-RS: https://github.com/casbin/casbin-rs . I totally understand it, because this PR was done last November, but Casbin-RS only got its primary features (RBAC, ABAC, etc.) done after last December. Actually, Casbin supports 8 languages and Rust is the last one that got ready :)

So now I think we are finally safe to move to Casbin-RS because, after 5 months' development, it's now ready for production and actively maintained. So Teaclave maintainers don't need to spend effort maintaining this part of the code.

Teaclave model:

https://github.com/apache/incubator-teaclave/blob/c574bd6f9c5f0e8acd6526acd7dafa0dce2a4ec1/mesatee_services/acs/model.conf#L1-L32

Casbin RBAC model:

[request_definition]
r = sub, obj, act

[policy_definition]
p = sub, obj, act

[role_definition]
g = _, _

[policy_effect]
e = some(where (p.eft == allow))

[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
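
The Casbin RBAC model quoted in the comment above, evaluated by a small stand-alone Rust sketch. This is an added example, not part of the original thread and not Casbin-RS or Teaclave code; the `Rbac` type, its methods, and the sample subjects and objects are constructed for illustration.

```rust
use std::collections::{HashMap, HashSet};

/// Constructed stand-in for an enforcer bound to the RBAC model above.
struct Rbac {
    policies: Vec<(String, String, String)>, // p = sub, obj, act
    roles: HashMap<String, Vec<String>>,     // g = _, _  (member -> roles)
}

impl Rbac {
    fn add_policy(&mut self, sub: &str, obj: &str, act: &str) {
        self.policies.push((sub.into(), obj.into(), act.into()));
    }
    fn add_role(&mut self, member: &str, role: &str) {
        self.roles.entry(member.into()).or_default().push(role.into());
    }
    /// g(r.sub, p.sub): `sub` is `target` or reaches it via role links (cycle-safe).
    fn has_role(&self, sub: &str, target: &str) -> bool {
        let mut seen = HashSet::new();
        let mut stack = vec![sub];
        while let Some(cur) = stack.pop() {
            if cur == target { return true; }
            if !seen.insert(cur) { continue; } // already expanded this node
            if let Some(rs) = self.roles.get(cur) {
                stack.extend(rs.iter().map(String::as_str));
            }
        }
        false
    }
    /// e = some(where (p.eft == allow)): one matching rule allows, no match denies.
    fn enforce(&self, sub: &str, obj: &str, act: &str) -> bool {
        self.policies.iter().any(|(ps, po, pa)| {
            po.as_str() == obj && pa.as_str() == act && self.has_role(sub, ps)
        })
    }
}
/// Constructed sample policy; the names are illustrative, not Teaclave's.
fn sample() -> Rbac {
    let mut e = Rbac { policies: Vec::new(), roles: HashMap::new() };
    e.add_policy("data_owner", "dataset1", "read");
    e.add_policy("auditor", "dataset1", "list");
    e.add_role("alice", "data_owner");
    e.add_role("data_owner", "auditor"); // role inheritance: owners are also auditors
    e
}

fn main() {
    println!("alice read dataset1: {}", sample().enforce("alice", "dataset1", "read"));
}
```

The model has no deny rules, so any request that no policy line matches is rejected by default.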

uraj commented 4 years ago

Thanks for the info. Indeed, when we were implementing our access control subsystem, we referred to Casbin, and that's why the format of the configuration file is similar.

However, our model is more powerful. Simply speaking, our rules are Turing-complete. It's more like a home-made logic programming language that resembles Prolog. The resolution engine is written in Python and powered by MesaPy in SGX.

Teaclave faces some unique problems in terms of access control because it is dealing with multi-party trusted computation. I'm no access control expert, so the current design and implementation are likely suboptimal. If you are interested in helping make improvements, please let us know.