istio / old_mixer_repo

Deprecated home of Istio's Mixer and its adapters, now in istio/istio's mixer dir
https://github.com/istio/istio/tree/master/mixer
Apache License 2.0

Support casbin as the authorization backend #792

Open hsluoyz opened 7 years ago

hsluoyz commented 7 years ago

Hi, Casbin is an authorization library that supports models like ACL, RBAC, ABAC.

Related to RBAC, Casbin has several advantages:

  1. roles can be cascaded, aka roles can have roles.
  2. support resource roles, so users have their roles and resources have their roles too. role = group here.
  3. the permission assignments (or policy in casbin's language) can be persisted in files or database (MySQL and Cassandra).

And you can even customize your own access control model, for example, mix RBAC and ABAC together by using roles and attributes at the same time. It's very flexible.

I think it's more powerful than the current ACL. I can make a PR if you like. Let me know if you have any questions :)
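
Added example, not part of the thread and not Casbin's or Mixer's code: a self-contained Go model of the cascaded-role and resource-role checks listed in the comment above, with default deny. It does not call the Casbin API; all type, function and data names are hypothetical and the sample data is constructed.

```go
package main

import "fmt"

// Grouping maps a name to its direct roles or groups (hypothetical type, not the Casbin API).
type Grouping map[string][]string
// Rule grants Act on resource group Obj to subject role Sub.
type Rule struct{ Sub, Obj, Act string }

// inherits reports whether name is target or reaches it through the
// grouping graph. The seen set keeps a cyclic role graph from looping.
func inherits(g Grouping, name, target string, seen map[string]bool) bool {
	if name == target {
		return true
	}
	if seen[name] {
		return false
	}
	seen[name] = true
	for _, parent := range g[name] {
		if inherits(g, parent, target, seen) {
			return true
		}
	}
	return false
}

// Enforce allows a request only when some rule matches; default is deny.
func Enforce(users, res Grouping, rules []Rule, sub, obj, act string) bool {
	for _, r := range rules {
		if r.Act == act && inherits(users, sub, r.Sub, map[string]bool{}) &&
			inherits(res, obj, r.Obj, map[string]bool{}) {
			return true
		}
	}
	return false
}

// Constructed sample data: alice -> sre -> viewer cascades; loopA/loopB is a misconfigured cycle.
var (
	Users = Grouping{"alice": {"sre"}, "sre": {"viewer"}, "bob": {"viewer"},
		"loopA": {"loopB"}, "loopB": {"loopA"}}
	Resources = Grouping{"/metrics/cpu": {"telemetry"}, "/secrets/db": {"secrets"}}
	Rules     = []Rule{{"viewer", "telemetry", "read"}, {"sre", "secrets", "read"}}
)

func main() {
	fmt.Println(Enforce(Users, Resources, Rules, "alice", "/metrics/cpu", "read"))
}
```

Here alice gets read access to `/metrics/cpu` only through the chain alice -> sre -> viewer and the resource's membership in `telemetry`; a subject caught in a role cycle is denied rather than hanging the check.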

douglas-reid commented 7 years ago

Having a casbin adapter for Check() within the mixer (which I think is what you are suggesting) seems like it could be very useful. Thanks for drawing our attention to it.

Having your help building it would be great. We are currently in the process of refining the adapter story within Mixer (and have no development docs, etc., to support adapter authors at this time). Hopefully, in a month or two, we will have a good story for how to best add new adapters (and how to use distributed adapter repos, etc.). Perhaps we should circle back here after the dust settles?

hsluoyz commented 7 years ago

Good to hear about the adapters. I'm OK to integrate based on it. Thanks for the news!