Home
Role-Based Access Control (RBAC) APIs for Python projects. The back-end is LDAP, an industry standard and proven means of processing security operations and data. Yes, it would be easier for projects to get started with something simple, like a file-based store. But there are far too many drawbacks to that approach in production.
We're talking Python here and Apache Fortress is written in Java. Yes, you could deploy the Apache Fortress Rest server in your network and let your Python applications communicate with it over HTTP. That's certainly a viable option and we're not telling you not to do that. However, from a simplicity standpoint, it's easier and more efficient to skip the extra hop and communicate directly with the system of record, i.e. LDAP.
It's unproven. Wait, you just told us it's proven! Well, yes and no. Certainly, using LDAP to store and process security data is. Also, the Apache Fortress way of performing authorization by calling RBAC APIs is a best practice. But this particular Python API implementation is still, um, experimental. It "should" work because we've vast experience doing this "kind" of thing. We've thought about it carefully. The APIs have been reviewed and tested. But, to date, it hasn't been used in production (that we know of).
This takes a leap of faith. PY-Fortress uses the same logical and physical data model as Apache Fortress. We're good there because plenty of implementations use it. It also uses the python-ldap toolkit to access LDAP, which is also proven. But there will be bugs. You have our commitment to fix them in a "timely" manner on a "best effort" basis. Also, we'll answer your questions on getting started and integrating with Python apps. We'll learn together with the benefit being your security is not haphazard and uses best practices. That's not a guarantee, but it's the best we've got.
-- Shawn