Tuesday, March 11, 2008

Ruby Authorization and Entitlement

We are bearing down on our first release (first of many on a big roadmap). Times are crazy, yet a lot of fun. I feel strange posting here - it's been a while. Well, at least I tweet fairly regularly.

Anyway, our final iteration of our initial release is primarily focused on authentication, authorization, and entitlement.

I have a feeling we'll end up rolling our own, but there are a number of Rails plug-ins out there for this purpose that may have some useful bits. There are also a number of Ruby-based rules engines.

So far, my real tired google search turned up:

I'll dig into these tomorrow. Let me know if you have had success with these or any other plug-ins/gems that may be of use for a fairly sophisticated user authorization/entitlement impl.

I'll try to update this post with our findings.

19-MAR-2008 Update

We are still digging into this. So far we haven't used any of the above given our situation, but Bill Katz's Rails Authorization Plug-in looks somewhat promising. It seems easy enough to make work with SiteMinder in front of you.

27-MAR-2008 Update

In case anyone stumbles upon this later, we ended up writing our own. Nothing against the others; we just didn't see enough that was compelling in them to take them on. Rolling our own seemed easiest.


MWesty said...


I suppose I could do a search...but what do you mean by entitlement?

Mike W.

fuzzy said...

It's really just a fancy word for permission. I'm not that into that word personally. I prefer permission :) I retract the word entitlement.

You can google it though on the internet machine if you are interested and you will find some vendors talking about it.

MWesty said...

I hate that word. I'm sure some marketing guy made it up. Now they have a whole other category to talk about in addition to authorization/authentication. We should outlaw it immediately before they raise prices because of the "added functionality" the new word provides.

Robert Thau said...

I've extracted the permissioning code from my company's new Rails application into a plugin, tentatively called SmartGuard (though there may be trademark problems with that). The basic idea is that roles and permissions are stored in the database; the code then allows model classes to make validation-style declarations like

require_privilege :manage, :for_action => [:create, :delete], :to_set_attribute => [...]

More info, including presentation slides and pointers to the code, is here.
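
A minimal sketch of the validation-style declaration described in the comment above, added here as an illustration; it is not SmartGuard's code. `GuardedModel`, `ROLE_GRANTS`, `missing_privileges` and `authorize!` are hypothetical names, and an in-memory hash stands in for the roles and permissions tables.

```ruby
require 'set'

# Constructed stand-in for the roles/permissions tables:
# role name => set of [privilege, model class name] grants.
ROLE_GRANTS = {
  'editor' => Set[[:edit, 'Article']],
  'admin'  => Set[[:edit, 'Article'], [:manage, 'Article']]
}.freeze

class PermissionDenied < StandardError; end

User = Struct.new(:name, :roles) do
  def privilege?(privilege, model_name)
    roles.any? { |r| ROLE_GRANTS.fetch(r, Set[]).include?([privilege, model_name]) }
  end
end

# Hypothetical base class; not SmartGuard's actual code.
class GuardedModel
  def self.privilege_rules
    @privilege_rules ||= []
  end

  # Validation-style declaration, same shape as the line quoted in the comment.
  def self.require_privilege(privilege, for_action: [], to_set_attribute: [])
    privilege_rules << { privilege: privilege, actions: Array(for_action),
                         attributes: Array(to_set_attribute) }
  end

  # Privileges the user lacks for this action and these attribute changes.
  def missing_privileges(user, action, changed = [])
    rules = self.class.privilege_rules.select do |rule|
      rule[:actions].include?(action) || (rule[:attributes] & changed).any?
    end
    rules.map { |r| r[:privilege] }.uniq.reject { |priv| user.privilege?(priv, self.class.name) }
  end

  # Raises unless the user holds every privilege the matching rules demand.
  def authorize!(user, action, changed = [])
    missing = missing_privileges(user, action, changed)
    raise PermissionDenied, "#{user.name} lacks #{missing.inspect}" unless missing.empty?
    true
  end
end

class Article < GuardedModel
  require_privilege :edit,   :for_action => [:update]
  require_privilege :manage, :for_action => [:create, :delete], :to_set_attribute => [:published]
end
```

An action or attribute with no declaration passes the check in this sketch, so anything sensitive needs an explicit rule.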

fuzzy said...

Thanks Robert. I took a look. Looks pretty sophisticated. And we need a lot of that foo. May not use immediately, but looks promising.