casbin-authz-plugin - Docker RBAC & ABAC Authorization Plug-in based on Casbin

  •        58

This plugin controls the access to Docker commands based on authorization policy. The functionality of authorization is provided by Casbin. Since Docker doesn't perform authentication by now, there's no user information when executing Docker commands. The access that Casbin plugin can control is actually what HTTP method can be performed on what URL path. NOTE: Before doing below, remove the authorization-plugin configuration added above and restart the docker daemon.

https://github.com/casbin/casbin
https://github.com/casbin/casbin-authz-plugin

Tags
Implementation
License
Platform

   




Related Projects

casbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Golang

  •    Go

Casbin is a powerful and efficient open-source access control library for Golang projects. It provides support for enforcing authorization based on various access control models. In Casbin, an access control model is abstracted into a CONF file based on the PERM metamodel (Policy, Effect, Request, Matchers). So switching or upgrading the authorization mechanism for a project is just as simple as modifying a configuration. You can customize your own access control model by combining the available models. For example, you can get RBAC roles and ABAC attributes together inside one model and share one set of policy rules.

authz - gin-authz is an authorization middleware for Gin

  •    Go

Authz is an authorization middleware for Gin, it's based on https://github.com/casbin/casbin. For how to write authorization policy and other details, please refer to the Casbin's documentation.

xorm-adapter - Xorm adapter for Casbin

  •    Go

Xorm Adapter is the Xorm adapter for Casbin. With this library, Casbin can load policy from Xorm supported database or save policy to it. This project is under Apache 2.0 License. See the LICENSE file for the full license text.

go-simple-api-gateway - [dev] simple api gateway written by golang

  •    Go

A simple API gateway written by golang. Support for authenticate and authorization, and web applications will be protected after the gateway.

declarative_authorization - An unmaintained authorization plugin for Rails

  •    Ruby

The declarative authorization plugin offers an authorization mechanism inspired by RBAC. The most notable distinction to other authorization plugins is the declarative approach. That is, authorization rules are not defined programmatically in between business logic but in an authorization configuration. With programmatic authorization rules, the developer needs to specify which roles are allowed to access a specific controller action or a part of a view, which is not DRY. With a growing application code base roles' permissions often change and new roles are introduced. Then, at several places of the source code the changes have to be implemented, possibly leading to omissions and thus hard to find errors. In these cases, a declarative approach as offered by decl_auth increases the development and maintenance efficiency.


rbac - PHP-RBAC is an authorization library for PHP

  •    PHP

PHP-RBAC is an authorization library for PHP. It provides developers with NIST Level 2 Hierarchical Role Based Access Control and more, in the fastest implementation yet. Take a look at the "Before You Begin" section of our Documentation to learn what an RBAC system is and what PHP-RBAC has to offer you and your project.

docker_auth - Authentication server for Docker Registry 2

  •    Go

The original Docker Registry server (v1) did not provide any support for authentication or authorization. Access control had to be performed externally, typically by deploying Nginx in the reverse proxy mode with Basic or other type of authentication. While performing simple user authentication is pretty straightforward, performing more fine-grained access control was cumbersome. Docker Registry 2.0 introduced a new, token-based authentication and authorization protocol, but the server to generate them was not released. Thus, most guides found on the internet still describe a set up with a reverse proxy performing access control.

ladon - A SDK for access control policies: authorization for the microservice and IoT age

  •    Go

Ladon is the serpent dragon protecting your resources.Ladon is a library written in Go for access control policies, similar to Role Based Access Control or Access Control Lists. In contrast to ACL and RBAC you get fine-grained access control with the ability to answer questions in complex environments such as multi-tenant or distributed applications and large organizations. Ladon is inspired by AWS IAM Policies.

Apache Fortress - Identity and Access Management

  •    Java

Apache Fortress the open source identity and access management built on OpenLDAP. Fortress is designed to address complex authentication, authorization and auditing needs simply and easily. It helps to ensure strict adherence to current security standards while allowing for ease of installation and ongoing maintenance. A standards-based access management system, written in Java, that provides role-based access control, delegated administration and password policy services with LDAP.

Search Guard - Elasticsearch plugin that offers encryption, authentication, and authorisation

  •    Java

Search Guard is an Elasticsearch plugin that offers encryption, authentication, and authorization. It builds on Search Guard SSL and provides pluggable authentication and authorization modules in addition. Search Guard is fully compatible with Kibana, Logstash and Beats.

ReadonlyREST - The first Open Source Security plugin for Elasticsearch

  •    Java

Expose the high performance HTTP server embedded in Elasticsearch directly to the public, safely blocking any attempt to delete or modify your data. It provides support to enable HTTPS, Authentication and Authorization, Access control list, Rule based access and lot more. This plugin instead is just a lightweight pure-Java filtering layer. Even the SSL layer is provided as an extra Netty transport handler.

MACA

  •    Java

The MACA objective is to provide user authentication, session management and authorization services independently of platform. Authorization servive is based on a contextual role-based access control model that extends NIST RBAC

gatekeeper - Gatekeeper: An Authentication & Authorization Library

  •    PHP

The Gatekeeper library is a simple drop-in library that can be used to manage users, permissions and groups for your application. The goal is to make securing your application as simple as possible while still providing a solid and secure foundation to base your user system around. Gatekeeper is best classified as a Role-Base Access Control (RBAC) system with users, groups and permissions. It is framework-agnostic and is set up to use its own database for the user handling.

Role Manager

  •    Java

Role Manager is a security management framework based on the NIST model for Role Based Access Control (RBAC) and the Java[TM] 2 Platform security standards. The access control policies and the RBAC Model are implemented using the RBAC profile of XACML.

zfc-rbac - Role-based access control module to provide additional features on top of Zend\Permissions\Rbac

  •    PHP

ZfcRbac is an access control module for Zend Framework 2, based on the RBAC permission model. If you are looking for older version of ZfcRbac, please refer to the 0.2.x branch. If you are using ZfcRbac 1.0, please upgrade to 2.0.

Portus - Authorization service and frontend for Docker registry (v2)

  •    Ruby

Portus is an authorization server and a user interface for the next generation of the Docker registry. Portus targets version 2 of the Docker Registry API. The minimum required version of Registry is 2.1, which is the first version supporting soft deletes of blobs. Portus supports the concept of users and teams. Users have their own personal Docker namespace where they have both read (aka docker pull) and write (aka docker push) access. A team is a group of users that have read and write access to a certain namespace. You can read more about this in our documentation page about it.

gorbac - goRBAC provides a lightweight role-based access control (RBAC) implementation in Golang.

  •    Go

goRBAC provides a lightweight role-based access control implementation in Golang.Version 1 is the original design which will only mantain to fix bugs.

yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.

WMS Authorization Plugin

  •    CSharp

Windows Media Services Authorization Plugin provides easy, reliable and bullet proof protection of unauthorized access to your media files.