This library implements a in-memory relationship-based access control dababase, that was inspired by Google's Zanzibar.
A Object is a tuple of the values (namespace, id).
It represents a object like a user.
Example: (users, alice).
A Set is a tuple of the values (namespace, id, permission).
It represents a permission for a Object.
Example: (files, foo.pdf, read).
The RelationGraph-struct contains a graph of all relationships.
Relationships can be created between:
ObjectandSet=> user alice can read the file foo.pdf.SetandSet=> everyone who can read the file foo.pdf can read the file bar.pdf.
- The
*-id is used as a wildcard id to create a virtual relation from this id to every other id in the namespace. Example: (user,alice) -> (file,*,read) => user alice can read every file
- implement raft protocol to allow ha deployment
A basic gRPC based server for interacting with the database can be found in the git repository.
I'm happy about any contribution in any form. Feel free to submit feature requests and bug reports using a GitHub Issue. PR's are also appreciated.
This Library is licensed under LGPLv3.