Ask HN: Practical ways to handle authorization logic
There doesn't seem to be a generally accepted approach to express and apply Authorization Logic. Ruby on Rails popularized a certain style of web application framework (MVC, ActiveRecord). Is there a similar set of concepts for applying a flexible authorization scheme generally?
* Many applications use ACLs ("If you're an admin, you can do this thing") * some use variations of RBAC * Most seem home-rolled in some way, and existing frameworks seem too complicated/opinionated
0 comments
[ 0.30 ms ] story [ 8.1 ms ] threadNo comments yet.