2015-10-03 Saturday - Groups, Roles, Permissions

Today I'm spending some time researching various solutions (Commercial, SaaS, Open Source)   that may offer some ideas for implementing a custom framework for the concept of Identity Management, Access Control, Groups, Roles, and Permissions. This posting is a placeholder for resources that I find - that may be of interest/use to others.

Concepts...............................................................

• Identity Management Objects (IDM)
• Realm
• Group
• Roles
• Permission
• User
• Agent

General...............................................................

https://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks/

http://gitreview.com/packages/t/permissions/
- 131 packages tagged with 'permissions'
http://gitreview.com/packages/t/authorization/
- 339 packages tagged with 'authorization'
http://gitreview.com/packages/t/rbac/
- 82 packages tagged with 'rbac'

Commercial Solutions - Access/Identity Management...............................................................

https://www.pingidentity.com/en/products/pingaccess.html

https://www.pingidentity.com/

SaaS - Identity API...............................................................

https://stormpath.com/

Go...............................................................

goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang
https://github.com/mikespook/gorbac


PHP...............................................................

https://laracasts.com/discuss/channels/general-discussion/roles-and-permissions-in-laravel-5
https://laracasts.com/discuss/channels/laravel/which-package-is-best-for-roles-permissions
https://github.com/laracasts/Users-and-Roles-in-Laravel
https://laracasts.com/series/whats-new-in-laravel-5-1/episodes/16
https://github.com/laracasts/laravel-5-roles-and-permissions-demo
https://laracasts.com/lessons/users-and-roles
http://laravel.com/docs/5.1/authentication
http://laravel.com/docs/5.1/authorization

A Laravel 5 Boilerplate project
https://github.com/rappasoft/laravel-5-boilerplate
https://github.com/rappasoft/laravel-5-boilerplate#permission-dependencies

A framework agnostic authentication & authorization system
https://github.com/cartalyst/sentinel
http://igg.me/at/sentinel-open-source

https://cartalyst.com/manual/sentinel/2.0

https://cartalyst.com/manual/sentinel/2.0#authorization

https://cartalyst.com/

https://github.com/cartalyst/sentry
- [DEPRECATED] framework agnostic authentication & authorization system
https://www.indiegogo.com/projects/sentinel-open-source#/

Roles & Permissions for the Laravel 5 Framework
https://github.com/rappasoft/vault
[DEPRECATED]


Role-based permissions for Laravel 5
https://github.com/Zizaco/entrust
- an interesting, rudimentary capability

Authorization PHP package for Laravel 4, 5.0, and 5.1
https://github.com/efficiently/authority-controller
- a port of CanCan


package for handling roles and permissions in Laravel 5 (5.1 and 5.0)
https://github.com/romanbican/roles
- supports inheritance of permissions...
- can attach/detach permissions to a role or directly to a specific user
- some interesting ideas/features...

Laravel 5 roles and permissions package with support for Laravel's authentication contract
https://github.com/caffeinated/shinobi/


Simple permission checker for Nette Framework
https://github.com/iPublikuj/permissions

https://nette.org/
https://doc.nette.org/en/2.3/
https://doc.nette.org/en/2.3/getting-started
https://doc.nette.org/en/2.3/access-control


https://github.com/zendframework/zend-permissions-rbac
http://framework.zend.com/docs
http://framework.zend.com/manual/current/en/modules/zend.authentication.intro.html
http://framework.zend.com/manual/current/en/modules/zend.permissions.acl.intro.html
http://framework.zend.com/manual/current/en/modules/zend.permissions.rbac.intro.html

http://stackoverflow.com/questions/15718280/zend-framework-2-with-zfc-rbac-database-population

Role-based access control module to provide additional features on top of Zend\Permissions\Rbac
https://github.com/ZF-Commons/zfc-rbac

https://github.com/ZF-Commons/ZfcAcl
[DEPRECATED]

• See: https://github.com/bjyoungblood/BjyAuthorize

User Access Control List for Zend Framework 2
https://github.com/kaushalkishorejaiswal/UsersACL


http://symfony.com/doc/current/cookbook/security/index.html

• http://symfony.com/doc/current/cookbook/security/acl.html
• http://symfony.com/doc/current/cookbook/security/acl_advanced.html

- very good overview of the symphony features...


Provides user management for your Symfony2 Project - Compatible with Doctrine ORM and ODM and Propel
https://github.com/FriendsOfSymfony/FOSUserBundle

• https://symfony.com/doc/master/bundles/FOSUserBundle/index.html
• https://github.com/FriendsOfSymfony 

http://www.yiiframework.com/doc/guide/1.1/en/topics.auth
http://www.benjaminlhaas.com/blog/installing-yii-users-and-rights-5-steps
http://www.yiiframework.com/

Authentication, Authorization, and API Proxy Service
(An EVE online authentication and mediated API access application.)
https://github.com/bravecollective/core
https://github.com/bravecollective/php-api

https://core.braveineve.com/ 

Java/Scala/JVM...............................................................

Apache Syncope - an Open Source system for managing digital identities in enterprise
http://syncope.apache.org/

http://alexgaribay.com/2014/06/16/authentication-in-play-framework-using-java/

authorization module for the Play framework

https://github.com/schaloner/deadbolt-2

http://deadbolt.ws

http://picketlink.org/

http://www.picketlink.org/gettingstarted/idm_overview/

- see Identity Model

http://people.apache.org/~sgoeschl/blog/posts/picketlink/picketlink-for-rookies/

• https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authorization-acl
• http://docs.jboss.org/picketlink/2/latest/reference/html-single/#chap-Identity_Management_-_Permissions_API_and_Permission_Management
• https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authorization-rs-rbac
• https://github.com/jboss-developer/jboss-picketlink-quickstarts/tree/master/picketlink-authorization-drools
• https://github.com/jboss-developer/jboss-picketlink-quickstarts/blob/master/picketlink-authorization-drools/src/main/resources/security/security-rules.drl
• http://docs.jboss.org/picketlink/2/latest/reference/html-single/#Overview3

Spring Security

http://projects.spring.io/spring-security/

http://docs.spring.io/spring-security/site/docs/4.0.3.CI-SNAPSHOT/reference/htmlsingle/

http://docs.spring.io/spring-security/site/docs/4.0.3.CI-SNAPSHOT/reference/htmlsingle/#tech-intro-access-control

pack4j - authenticate with Facebook, Twittter, or Google

http://www.pac4j.org/authenticatewithfacebooktwittergooglein5minutes.html

https://www.jahia.com/documentation-and-downloads/developers-techwiki/roles-and-permissions-7

• https://www.jahia.com/documentation-and-downloads/developers-techwiki/roles-and-permissions-7/roles-concepts
• https://www.jahia.com/documentation-and-downloads/developers-techwiki/roles-and-permissions-7/roles-permissions-related-rules
• https://www.jahia.com/documentation-and-downloads/developers-techwiki/roles-and-permissions-7/checking-permissions
• https://www.jahia.com/products/digital-factory

https://en.wikipedia.org/wiki/Shibboleth_%28Internet2%29

• https://shibboleth.net/
• https://shibboleth.net/about/basic.html
• https://www.unicon.net/opensource/shibboleth
• https://it.uoregon.edu/sites/default/files/Federated%20IdM%20and%20Shib.pdf
• https://packagist.org/search/?tags=shibboleth

JavaScript...............................................................

https://www.npmjs.com/browse/keyword/roles

https://www.npmjs.com/search?q=rbac

Roles and permissions system for Nodejs

https://gist.github.com/facultymatt/6370903

• https://github.com/tschaub/authorized

http://mean.io/

http://learn.mean.io/#mean-stack-packages-core-packages

Python...............................................................

http://docs.openstack.org/developer/keystone/

https://www.djangopackages.com/grids/g/perms/

http://www.django-rest-framework.org/api-guide/permissions/

https://docs.djangoproject.com/en/1.8/topics/auth/

http://pythonhosted.org/Flask-Principal/

https://github.com/mattupstate/flask-principal

Pyramid Web Framework

http://www.pylonsproject.org/

http://docs.pylonsproject.org/en/latest/

http://docs.pylonsproject.org/projects/pyramid//en/latest/index.html

http://docs.pylonsproject.org/projects/pyramid//en/latest/narr/security.html

Ruby...............................................................

https://www.ruby-toolbox.com/categories/rails_authorization

list of solutions...

http://www.agileweboperations.com/role-based-permissions-for-your-ruby-on-rails-application

Authorization Gem for Ruby on Rails
https://github.com/ryanb/cancan
simple authorization solution for Rails which is decoupled from user roles...all permissions are stored in a single location

• Also see: https://github.com/CanCanCommunity/cancancan

Authority helps you authorize actions in your Rails app
https://github.com/nathanl/authority

https://github.com/be9/acl9

https://github.com/the-teacher/the_role

https://github.com/alanning/meteor-roles

Dashboard that allows you to manage roles and permissions for Auth0 users
https://github.com/auth0/auth0-roles-permissions-dashboard-sample

simple authorization solution for Rails which is decoupled from user roles...all permissions are stored in a single location
https://www.ruby-toolbox.com/categories/rails_authorization


Misc...............................................................

https://docs.reduxframework.com/core/fields/using-permissions/