Open veotax opened 4 years ago
Thanks for the info. Indeed, when we were implementing our access control subsystem, we referred to Casbin and that's why the format of the configuration file is similar.
However, our model is more powerful. Simply speaking, our rules are Turing-complete. It's more like a home-made logic programming language that resembles Prolog. The resolution engine is written in Python and powered by MesaPy in SGX.
Teaclave faces some unique problems in terms of access control because it is dealing with multi-party trusted computation. I'm no access control expert so the current design and implementation are likely suboptimal. If you are interested in helping make improvements please let us know.
I saw we built a custom access control service here: https://github.com/apache/incubator-teaclave/pull/64 . I found it is actually re-implementing something like Casbin-RS: https://github.com/casbin/casbin-rs . I totally understand it because this PR was done last November, but Casbin-RS only got its primary features (RBAC, ABAC, etc.) done after last December. Actually Casbin supports 8 languages and Rust is the last one that got ready :)
So now I think we are safe to move to Casbin-RS finally because after 5 months' development, it's now ready for production and actively maintained. So Teaclave maintainers don't need to spend effort maintaining this part of the code.
Teaclave model:
https://github.com/apache/incubator-teaclave/blob/c574bd6f9c5f0e8acd6526acd7dafa0dce2a4ec1/mesatee_services/acs/model.conf#L1-L32
Casbin RBAC model: