CheatSheetSeries
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
-
casbin
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang: https://discord.gg/S5UjpzGZjN
OWASP cheat sheet on how to do ACL in a web app.
https://github.com/CanCanCommunity/cancancan (Ruby on Rails ABAC) Same as casl.js, but for Ruby on Rails! Casl.js was actually inspired by and modeled on cancancan.
https://github.com/varvet/pundit Popular open-source Ruby library focused around the notion of policies, giving you the freedom to implement your own approach based on that.
https://github.com/dfunckt/django-rules A generic, approachable open source framework for building rule-based systems in Django (Python).
You can check out our discussion about this in our “Support for Permissions” RFC.
https://casbin.org/ (multiple approaches, multiple languages, provider) Open source authZ library that has support for many access control models (ACL, RBAC, ABAC, …) and many languages (Go, Java, Node.js, JS, Rust, …). While somewhat complex, it is also powerful and flexible. They also have their Casdoor platform, which is an authN and authZ provider.
Auth0 (provider) Auth0 has been around for some time and is probably the most popular authN provider out there. While authN is their main offering (they give you SDKs for authentication + they store user profiles and let you manage them through their SaaS), they also allow you to define authZ to some degree, via RBAC and policies.