Anyone have a favorite way to model the authorization story in Clojure for a typical webserver, web-browser, database architecture? I'm thinking of modeling roles as keywords, mapping them to Clojure functions, and using the keyword hierarchy.
I think it depends a lot on the granularity and flexibility of your authorization needs. For very simple needs, with static roles and static permissions assigned to those roles, the model you propose may be just fine. For roles that can be created dynamically in the application itself (to assign them to or remove them from different users as needed), and where you grant or revoke permissions to those roles dynamically again, and where you want to hierarchically manage your permissions (e.g., you want a role at the plant level that gives you some set of permissions on all production lines, and all the machines in each of those production lines, and all the gadgets in all machines, currently existing or that can be created in the future), then you need a more complex model where a persistence mechanism (typically a database) is involved.
@drewverlee, https://github.com/theronic/eacl is a situated https://en.wikipedia.org/wiki/Relationship-based_access_control authorization library based on SpiceDB, built in Clojure & backed by Datomic that directly addresses your problem of fine-grained hierarchical permissions. • Source: https://github.com/theronic/eacl • Rationale here: https://eacl.dev/ (I am the author.)
Thanks.