Home
Role-Based Access Control (RBAC) APIs for Python projects. The back-end is LDAP, an industry standard and proven means of processing security operations and data. Yes, it would be easier for projects to get started with something simple, like a file-based back-end. But there are far too many drawbacks to that approach in production.
We're talking Python here, and Apache Fortress is written in Java. Yes, you could deploy the Apache Fortress REST server in your network and let your Python applications communicate with it over HTTP. That's certainly a viable option and we're not telling you not to do that. However, from a simplicity standpoint, it's easier and more efficient to skip the extra hop and communicate directly with the system of record, i.e. LDAP.
It's unproven. Wait, you just told us it's proven! Well, yes and no. Certainly, using LDAP to store and process security data is. Also, the Apache Fortress way of performing authorization by calling RBAC APIs is a best practice. But this particular Python API implementation is still, um, experimental. It "should" work because we have experience and have thought it through. It's been reviewed and tested. But, to date, it hasn't been used in production (that we know of).
This one takes a leap of faith. It's based on the same object and data model as Apache Fortress. We know we're good there, as there are plenty of implementations using it. It also uses the python-ldap toolkit to access LDAP, which is also proven. But there'll be some bugs. You have our commitment that we'll fix them in a timely manner on a best-effort basis. Also, we'll answer your questions on getting started and integrating with Python apps. We'll learn together, with the benefit being that your application security will not be haphazard and will use best practices. That's not a guarantee, but it's the best we've got.
-- Shawn