labac

Release 0.17

Label Based Access Control

Homepage PyPI Python

Keywords
access, control, list, acl
License
Other
Install
pip install labac==0.17

Documentation

Label Based Access Control (LaBAC)

What is LaBAC?

LaBAC is a simplified type of Attribute Based Access Control (ABAC). Where in ABAC there can be many attributes, in LaBAC there is only one attribute associated with object (named object-label) and one attribute associated with User (called user-label). As this access Control is based on label, I call it Label Based Access Control or LaBAC.

Label Hierarchy:

User-Label Hierarchy: As mention, we attach label on user and object. Label value can have hierarchy. For example, lets assume for a user, user-label is his position (you can say role as used RBAC) in the organization. So, possible uesr-label values are : {manager, employee, stuff}. As you can guess, a user labeled with 'employee' has all the acccess of a user labeled with 'stuff' and a user labeled with 'manager' has all the access for a user labeled with 'employee'. This explains user hierarchy. In this context label 'manager' dominates label 'employee' and 'employee' dominates 'stuff'

Object-label Hierarchy: Similarly to the user-label, objects can have label (otherwise said attribute) attached to it. For example, object label can be 'secret', 'confidential' and 'public'. Lets assume both 'secret' & 'condifential' dominate 'public'. What it means anyone who can access object labeled with 'secret' can also access object labeled with 'public'. Also, anyone who can access object labeled with 'confidential' can also access object labeled with 'public'

Policy: A policy say user with which label can access object with which label. One example, ('employee', read, 'confidential') means that users with label employee can read object with label confidential. Using object-label hierarchy reading object labeled with 'confidential' means also reading object labeled with 'public'.

Similarly, using user-label hierarchy, as 'manager' dominates 'employee', 'manager' should also be able to read object labeled with 'confidential' and 'public'

How to use this package?

In order to use labac, we need a configuration object, that capture user-label hierarchy, object-label hierarchy and policy. This configuration object is then Feed into the 'LBAC' object.

using previous example,

our user_labels are = ['manager', 'employee', 'stuff'] , manager dominate employee, employee dominate stuff. this user label hierarchy is captured as following list :

conf = Configuration()

user_hierarchy = [ ("manager",["employee"], ("employee",["stuff"]) ]

object_hierarchy = [ ("secret", ["public"]), ("confidential",["public"]) ]

conf.object_label_hierarchy = user_hierarchy

conf.user_label_hierarchy = object_hierarchy

conf.add_policy("read",[ ("confidential","employee" ) ] )

To see working script, check the test_simple_case() inside test.py

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
0
Forks
2
Watchers
2
Contributors
1
Repository size
203 KB
SourceRank
5

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.17

Contributors

Prosunjit


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2022-01-05 07:45:26 UTC

Login to resync this project