vacationlabs / haskell-webapps

Proof-of-concept code for a typical webapp implemented in various Haskell libraries/frameworks
MIT License

Discussion: Secure Domain Model, Policy with Labeled IO #31

Open sudhirvkumar opened 8 years ago

sudhirvkumar commented 8 years ago

Building Secure systems with Haskell

Video: https://www.youtube.com/watch?v=jX-zsoPWah0

Presentation: https://cseweb.ucsd.edu/~dstefan/talks/strangeloop2016.pdf

lio: https://hackage.haskell.org/package/lio

Haskell enables us to build applications faster which are reliable, maintainable... and now we can also build applications which are secure.

The idea is... MVC + Policy -> Model + Policy & VC

With policy we will be able to control who will be able to do what and which fields can be read/written by whom.

This will enable us to separate code into trusted and untrusted code. Interns can write untrusted code and still not be able to introduce any security vulnerabilities.
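The "Model + Policy" split described in the post above, as an added example that is not part of the original post, the haskell-webapps repository, or the lio package. It is a simplified per-field access check rather than lio's label model, and every name in it (`Principal`, `Policy`, `Labeled`, `readField`, `writeField`, `User`, `mkUser`, `profileLine`) is hypothetical.

```haskell
-- Added illustration: a per-field policy wrapper. Not lio's API.
-- All names below are hypothetical; uses only the Prelude.
data Principal = Anonymous | UserId Int | Admin
  deriving (Eq, Show)

-- A policy states who may read and who may write one field.
data Policy = Policy { canRead :: Principal -> Bool, canWrite :: Principal -> Bool }

-- In a real code base the Labeled constructor would not be exported from the
-- trusted module, so untrusted code could only use readField / writeField.
data Labeled a = Labeled Policy a

data Denied = ReadDenied | WriteDenied deriving (Eq, Show)

readField :: Principal -> Labeled a -> Either Denied a
readField who (Labeled p x)
  | canRead p who = Right x
  | otherwise     = Left ReadDenied

writeField :: Principal -> a -> Labeled a -> Either Denied (Labeled a)
writeField who new (Labeled p _)
  | canWrite p who = Right (Labeled p new)
  | otherwise      = Left WriteDenied

-- Trusted model code: the policy is attached once, when the record is built.
data User = User { userName :: Labeled String, userEmail :: Labeled String }

mkUser :: Int -> String -> String -> User
mkUser uid name email = User
  { userName  = Labeled (Policy (const True) isOwner) name     -- public read
  , userEmail = Labeled (Policy ownerOrAdmin isOwner) email    -- restricted read
  }
  where
    isOwner who      = who == UserId uid
    ownerOrAdmin who = isOwner who || who == Admin

-- "Untrusted" view code: it only has readField, so it cannot bypass the policy.
profileLine :: Principal -> User -> String
profileLine viewer u = shown (userName u) ++ " / " ++ shown (userEmail u)
  where shown = either (const "<hidden>") id . readField viewer

main :: IO ()
main = do
  let alice = mkUser 1 "alice" "alice@example.test"  -- constructed sample data
  mapM_ (\v -> putStrLn (show v ++ ": " ++ profileLine v alice))
        [Anonymous, UserId 2, UserId 1, Admin]
  -- Admin may read the email but is not the owner, so the write is refused.
  print (fmap (const ()) (writeField Admin "x@example.test" (userEmail alice)))
```

The guarantee depends on module boundaries: it holds only if view and controller code import the model without the `Labeled` constructor.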

wz1000 commented 8 years ago

This is pretty much the Operation/Permission monad I was discussing with @saurabhnanda on Gitter.

sudhirvkumar commented 8 years ago

@wz1000 I need to catch up with the discussions in the gitter...