incubator-cassandra-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aaron morton <aa...@thelastpickle.com>
Subject Re: Cassandra as Database for Role Based Access Control System
Date Tue, 20 Mar 2012 17:44:38 GMT
> user ---n:m--- role ---n:m--- resource
> 
I'm not sure what this means.

> While some inconsistencies may be acceptable, resource ownership (i.e. role=owner) must
never ever be mixed up.
> 
> 

If you are working at a high enough Consistent Level there Cassandra will provide consistent
behaviour. Row level isolation in 1.1. will also help. 

The best thing to do is come up with a design and ask for opinions.

Cheers
   
-----------------
Aaron Morton
Freelance Developer
@aaronmorton
http://www.thelastpickle.com

On 20/03/2012, at 7:47 PM, Maciej Miklas wrote:

> Hi *,
> 
> I would like to know your opinion about using Cassandra to implement a RBAC-like authentication
& authorization model. We have simplified the central relationship of the general model
(http://en.wikipedia.org/wiki/Role-based_access_control) to:
> 
> user ---n:m--- role ---n:m--- resource
> 
> user(s) and resource(s) are indexed with externally visible identifiers. These identifiers
need to be "re-ownable" (think: mail aliases), too.
> 
> The main reason to consider Cassandra is the availability, scalability and (global) geo-redundancy.
This is hard to achieve with a RBDMS.
> 
> On the other side, RBAC has many m:n relations. While some inconsistencies may be acceptable,
resource ownership (i.e. role=owner) must never ever be mixed up.
> 
> What do you think? Is such relational model an antipattern for Cassandra usage? Do you
know similar solutions based on Cassandra?
> 
> 
> 
> Regards,
> 
> Maciej
> 
> 
> 
> ps. I've posted this question also on stackoverflow, but I would like to also get feedback
from Cassandra community.
> 
> 
> 
> 
> 
> 


Mime
View raw message