Skip to content

Latest commit

 

History

History
100 lines (88 loc) · 11 KB

README.md

File metadata and controls

100 lines (88 loc) · 11 KB

Awesome Authorization Awesome GitHub Repo stars

A curated list of information and best practices for authorization and access control.

Contents


Overview

Authentication vs. Authorization

Access Control Models

  • ABAC - Attribute based access control.
  • DAC - Discretionary access control.
  • GBAC - Graph based access control.
  • MAC - Mandatory access control.
  • OrBAC - Organization based access control.
  • ReBAC - Relationship based access control.
  • RBAC - Role based access control.

Security Concerns

Best Practices

  • OWASP Authorization Cheat Sheet & Recommendations - Authz overview and recommendations for best practices.
    • Enforce least privileges and deny by default - Ensure that users and systems only have access to what they need and nothing else.
    • As fine-grained as possible - Authorization checks should be as specific as possible. Ideally, this means the system has the ability to check access based on specific records and resources.
    • Implement once and reuse - Keep authz logic in one place to ensure consistent checks and to prevent missed cases and potential security holes.
    • Maintain an audit log - Keep an authorization log (allow/deny) to track access and conduct audits where necessary.

Useful Articles & Tutorials

Authz In Practice

Videos & Talks