Ask HN: How to implement ABAC authorization for enterprise applications?
1 point by KrishnaAnaril 4 months ago | 2 comments
For the past couple of days I was learning a bit about ABAC policy languages and some of the libraries. One of the most starred libraries on GitHub on the topic of ABAC is 'Casbin', which uses a PERM model instead of the standard XACML. I did a POC using Casbin.NET and I find it very easy to understand and implement. When I discussed it with our senior architect, his opinion was to use the standard specification (XACML), and he recommended Authzforce. If you have experience in any of the aforesaid technologies, please share your views.

I'm the Casbin author. XACML is nearly 20 years old and it was a very classic ABAC implementation in the world. I used, learnt and studied it through my master's and Ph.D. career in the last ten years. That's part of the reason why I created Casbin 3 years ago during my Ph.D. I hope Casbin is some kind of improvement compared to XACML. XACML has been stable these years but Casbin is young and still growing, so we can fix things that are not that good compared to XACML. Authzforce is under GPL-3, which needs to be handled carefully for commercial use. Casbin is Apache 2.0. If you want to follow a more famous standard, choose XACML. Otherwise choose Casbin.

That's some great info. Thanks for creating Casbin. :)
