

Ask HN: Getting started with Access Control (B2B web application) - shorbaji

How would I get started implementing access control for an  business-to-business web application.<p>Any tips would do - design guidelines, warnings, frameworks, implementation approaches, libraries to use, etc.
======
jcapote
If you are familiar with rails (although it's worth learning if only for
this), then look into <http://wiki.github.com/stffn/declarative_authorization>

I use it in 99% of all my projects to implement just that...

~~~
shorbaji
Thanks. The plug-in description (which includes RBAC) looks like it might be
useful.

I did toy with rails while trying to choosing a framework over the past two
months - but chose to develop using Django. Is there an equivalent based on
Django/Python?

------
ivanyv
That is an extremely broad question, and the answer depends on your
application.

I suggest you outline what type of application you're building and related
requirements, and post that to <http://stackoverflow.com>

~~~
shorbaji
Thanks for the tip. The question is broad because I am looking for guidance
how to even get started tackling the problem.

The application will allow buyers to complex RFPs online & sellers to respond
to them - a collaboration. I will need access control to allow users within
and across companies to collaborate with appropriate restrictions.

