Today I created the ALPHA stying for CBAC (Context Based Access Control). CBAC is a security gem for Ruby on Rails and adds an extra abstraction layer to the well known RBAC (Role Based Access Control). With CBAC you can add context based security to your Rails app in just a few simple steps. I’m proud to be the first to blog about this new security system for rails!
What is Context Based Access Control?
well, compared to Role Based Access Control it has an extra abstraction layer to make contextual statements about a access rule. In RBAC you can say: User John has rights to edit the name of the ‘CBAC: The Rails Barrier’ post. This would have to be done for every user to every post. Now are there Abstractions like: Users that are in the group moderators have the right to edit the names of the blog posts on the “Yope’s Open Web” blog. But it still has to be created for every group to every blog. What CBAC is saying: User in the group moderators have the right to edit the names of the blog posts on the “Yope’s Open Web” blog if they are part of that blog. This is 1 rule for all the moderators on all the blogs.
This has been done before right?
Yes! it has, probably wordpress.com uses the same kind of concept to indicate the rights on all the blogs on their site. BUT the big difference is that CBAC is a made completely abstract. It fits straight on the application without adding any code directly to the app. This compared to wordpress.com where the owner of the blog is the one allowed to write on it and the security rules are part of the app. The security rules are completely separated from the code-base and can be edited in mid flight.
Is it done yet?
No! as in the logo, it is still alpha and the site looks like shit and has not enough info on it to actually work with it yet. I’ve also heard from the main developer that the API for the security is shifting at this moment. So IF you want to work with it I suggest you contact the main developer first!
What is my role in this context?
Well, as you’ve seen there is the first version of the logo and I’ve worked on t-shirts for FOSDEM upcoming weekend. Beyond that I’ve worked with the main developer on the concept and have been a bouncing board for the ideas and concepts. I’ve also done a tiny bit of QA on the first version and I’ve looked a bit at the licencing question. For now I’ll try to fix that hideous website into something more presentable.
But I will keep you posted on updates that I’ve done and new releases of the Ruby Gem.
ps: code joke for on the t-shirt…
Cbac::ContextRole.add :contributer do true if self.wearing?(:this) end