跳转至主要内容

Supported Models

  1. ACL (访问控制列表)
  2. 带有超级用户的ACL
  3. 无用户的ACL:这对于没有身份验证或用户登录的系统特别有用。
  4. 无资源的ACL:在某些情况下,目标是一种资源类型,而不是单个资源。 可以使用像"write-article"和"read-log"这样的权限。 这并不控制对特定文章或日志的访问。
  5. RBAC (基于角色的访问控制)
  6. 带有资源角色的RBAC:用户和资源同时可以拥有角色(或组)。
  7. 带有域/租户的RBAC:用户可以为不同的域/租户拥有不同的角色集。
  8. ABAC (基于属性的访问控制):可以使用类似"resource.Owner"的语法糖来获取资源的属性。
  9. PBAC (Policy-Based Access Control): A flexible access control model that makes authorization decisions based on policies defined as rules, supporting dynamic and contextual authorization.
  10. BLP (Bell-LaPadula): A formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects.
  11. Biba (Biba Integrity Model): A computer security model that restricts information flow in a system to prevent unauthorized disclosure of classified information.
  12. LBAC (Lattice-Based Access Control): A formal access control model that combines confidentiality and integrity controls in a unified framework, implementing a lattice structure for granular access control decisions.
  13. OrBAC (Organisation-Based Access Control): Extends RBAC with abstraction layers that separate concrete entities from abstract security policies, enabling flexible multi-organizational access control.
  14. UCON (Usage Control): A next-generation access control model that emphasizes continuous authorization, attribute mutability, and a unified framework of authorizations, obligations, and conditions.
  15. RESTful:支持像"/res/*","/res/:id"这样的路径,以及像"GET","POST","PUT","DELETE"这样的HTTP方法。
  16. IP Match: Supports IP address matching for network-based access control.
  17. 拒绝优先:同时支持允许和拒绝授权,其中拒绝优先于允许。
  18. 优先级:策略规则可以设置优先级,类似于防火墙规则。

示例

模型模型文件策略文件
ACLbasic_model.confbasic_policy.csv
带有超级用户的ACLbasic_with_root_model.confbasic_policy.csv
无用户的ACLbasic_without_users_model.confbasic_without_users_policy.csv
无资源的ACLbasic_without_resources_model.confbasic_without_resources_policy.csv
RBACrbac_model.confrbac_policy.csv
带资源角色的RBACrbac_with_resource_roles_model.confrbac_with_resource_roles_policy.csv
带有域/租户的RBACrbac_with_domains_model.confrbac_with_domains_policy.csv
ReBACrebac_model.confrebac_policy.csv
ABACabac_model.confN/A
BLPblp_model.confN/A
Bibabiba_model.confN/A
LBAClbac_model.confN/A
OrBACorbac_model.conforbac_policy.csv
IP Matchipmatch_model.confipmatch_policy.csv
RESTfulkeymatch_model.confkeymatch_policy.csv
拒绝覆盖rbac_with_not_deny_model.confrbac_with_deny_policy.csv
允许和拒绝rbac_with_deny_model.confrbac_with_deny_policy.csv
优先级priority_model.confpriority_policy.csv
明确的优先级priority_model_explicitpriority_policy_explicit.csv
主题优先级subject_priority_model.confsubject_priority_policyl.csv