Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Access control with VCs #32

Open
Tracked by #20
its-danny opened this issue Sep 11, 2024 · 0 comments
Open
Tracked by #20

Access control with VCs #32

its-danny opened this issue Sep 11, 2024 · 0 comments
Labels
exploring Not yet ready for working on feature New feature or request

Comments

@its-danny
Copy link
Contributor

tl;dr

I think it would be neat if we handled access control by issuing VCs to users.

The problem

As an IAM, it’s expected we have access control. We could not, and just suggest people use an existing solution, but I think there’s opportunity here to do something novel.

A proposal

I’m suggesting that we create our own access control system similar to RBAC, except that roles are issued as VCs. A neat side effect of doing it this way is that you can control access based on VCs that weren’t issued by you.

Policies could look something like this.

// Syntax

#priority (issuer, value) -> (effect, action, scope) condition

// Example

#1 ("did:acme", ("seniority", x)) -> (allow, "create", "projects") x >= args.0

// Usage

access::can(&user.did, "create", "project", (10));
@its-danny its-danny added feature New feature or request exploring Not yet ready for working on labels Sep 11, 2024
@its-danny its-danny mentioned this issue Sep 11, 2024
1 task
@its-danny its-danny moved this to Exploring in Roadmap Sep 11, 2024
@its-danny its-danny removed this from Roadmap Sep 11, 2024
@its-danny its-danny added this to Tasks Sep 16, 2024
@its-danny its-danny moved this to Backlog in Tasks Sep 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
exploring Not yet ready for working on feature New feature or request
Projects
Status: Backlog
Development

No branches or pull requests

1 participant