Skip to content

warrant-dev/awesome-authorization

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Awesome Authorization Awesome GitHub Repo stars

A curated list of information and best practices for authorization and access control.

Contents


Overview

Authentication vs. Authorization

Access Control Models

  • ABAC - Attribute based access control.
  • DAC - Discretionary access control.
  • GBAC - Graph based access control.
  • MAC - Mandatory access control.
  • OrBAC - Organization based access control.
  • ReBAC - Relationship based access control.
  • RBAC - Role based access control.

Security Concerns

Best Practices

  • OWASP Authorization Cheat Sheet & Recommendations - Authz overview and recommendations for best practices.
    • Enforce least privileges and deny by default - Ensure that users and systems only have access to what they need and nothing else.
    • As fine-grained as possible - Authorization checks should be as specific as possible. Ideally, this means the system has the ability to check access based on specific records and resources.
    • Implement once and reuse - Keep authz logic in one place to ensure consistent checks and to prevent missed cases and potential security holes.
    • Maintain an audit log - Keep an authorization log (allow/deny) to track access and conduct audits where necessary.

Useful Articles & Tutorials

Authz In Practice

Videos & Talks