Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Authorization #535

Open
reid-spencer opened this issue Dec 21, 2023 · 0 comments
Open

Support Authorization #535

reid-spencer opened this issue Dec 21, 2023 · 0 comments
Assignees
@reid-spencer
Labels
enhancement New feature or request
Milestone
2.0 - Increase Th...

Comments

@reid-spencer
Copy link
Contributor

Security is a cross-cutting design element that should be factored into any design system.
It should be possible to specify RBAC style access constraints in the body of any Process
definition with syntax like:

role RWAccess is "A role that has no access to anything"
role ROAccess is "A role that allows read-only access"
context Foo is {
  accessible by ROAccess
  handler Writeables is {
    accessible by RWAccess
   ???
  }
}

So, Role is a new definition and definitions can specify who's allowed to access them. Applied at the context level,
it means every message in any handler in that context has those access privileges. In a handler, it means the
messages handled by that handler have those privileges. The principle of most specific specification wins is used.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@reid-spencer reid-spencer

Labels
enhancement New feature or request
Projects
None yet
Milestone
2.0 - Increase The Utility Of The Abs...
Development

No branches or pull requests
1 participant
@reid-spencer