https://github.com/arnoudvanderleer/talos
A multi level authorization project
Science Score: 13.0%
This score indicates how likely this project is to be science-related based on various indicators:
-
○CITATION.cff file
-
✓codemeta.json file
Found codemeta.json file -
○.zenodo.json file
-
○DOI references
-
○Academic publication links
-
○Academic email domains
-
○Institutional organization owner
-
○JOSS paper metadata
-
○Scientific vocabulary similarity
Low similarity (7.5%) to scientific vocabulary
Repository
A multi level authorization project
Basic Info
- Host: GitHub
- Owner: arnoudvanderleer
- License: apache-2.0
- Language: C#
- Default Branch: master
- Size: 45.9 KB
Statistics
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
- Releases: 1
Metadata Files
README.md
Talos
A "file system" permission project
The concept
This project aims to provide a convenient description mechanism for permissions of a file system in its broadest sense: "everything is a file". Any collection of resources can be modeled as a file system. Resources are dentified using a string (path) consisting of one or multiple levels separated by slashes. Users of the systeam each have a role which can inherit permissions of other roles. Permissions are specified using so-called permission rules, which are triplets of a boolean (allow or deny), the name of a role and the path of a resource. For example:
``` Student > Mara Student > Jeffrey
allow Admin / allow Student /home/[id] allow Mara /srv/nfs/music deny Jeffrey /home/[id]/config deny Admin /home/*/personalsecrets ```
The tools
Inheritance
``` A > B B > C
allow A x
deny A x/*
allow B x/y
allow C x/z
``
Ahas access tox,Bhas access to bothxandx/yandChas access tox,x/yandx/z`.
``` A > B
allow A x/*
deny B x/y
``
AlthoughAhas access tox/y,Bdoes not have access tox/y` as inherited access is overridden.
Variables
deny User session
allow User session/[sesid]
This allows a user access to a session, provided the session id matches the variable sesid.
Variables, like sets (see the section about sets below), are passed as key-value pairs to the matcher any time the permissions of a user to a resource are determined.
Sets
``` User > Admin
deny User devices/* allow User devices/{ownedDevices} allow User devices/{public}/control allow User devices/{allowedDevices}/control
allow Admin devices ``` A user has access to every device he owns and can control any device to which its owner has granted him access. The administrators however, have access to every device regardless of ownership.
Multiple matching rules
allow A x/*/z
deny A x/y/*
Both rules match the resource identifier x/y/z. The identifier most specific on the highest level of difference takes precedence. Therefore, the second rule is more specific and A does not have access to x/y/z.
Owner
- Name: Arnoud van der Leer
- Login: arnoudvanderleer
- Kind: user
- Repositories: 20
- Profile: https://github.com/arnoudvanderleer
GitHub Events
Total
Last Year
Issues and Pull Requests
Last synced: about 1 year ago
All Time
- Total issues: 0
- Total pull requests: 7
- Average time to close issues: N/A
- Average time to close pull requests: 17 days
- Total issue authors: 0
- Total pull request authors: 2
- Average comments per issue: 0
- Average comments per pull request: 0.0
- Merged pull requests: 6
- Bot issues: 0
- Bot pull requests: 0
Past Year
- Issues: 0
- Pull requests: 0
- Average time to close issues: N/A
- Average time to close pull requests: N/A
- Issue authors: 0
- Pull request authors: 0
- Average comments per issue: 0
- Average comments per pull request: 0
- Merged pull requests: 0
- Bot issues: 0
- Bot pull requests: 0
Top Authors
Issue Authors
Pull Request Authors
- arnoudvanderleer (6)
- vandenheuvel (1)
Top Labels
Issue Labels
Pull Request Labels
Dependencies
- NUnit 3.5.0