xillion/authorization

Xillion Authorization Policy Framework for PHP

v1.0.0 2016-01-29 09:01 UTC

README

What is Xillion Authorization?

Xillion Authorization is an Authorization Policy Framework based on Amazon's IAM and Resource policies.

It allows for decentralized, highly flexible security access control.

This is a work in progress. See test/ for examples of usage.

Example usage:

use Xillion\Core\Resource;
use Xillion\Authorization\Action;
use Xillion\Authorization\PolicySerializer\JsonPolicySerializer;
use Xillion\Authorization\PolicyLoader\JsonPolicyLoader;
// Context and Identity (used below) must be imported as well; see test/ for their namespaces.


// The authorization context keeps track of policies, and can perform authorization checks
$context = new Context();

// What action is going to be performed?
$action = new Action('s3', 'ListBucket');

// Who is going to perform the action?
$identity = new Identity('AWS', 'xrn:aws:iam::AWS-account-ID:user/bob');

// What resource is the action going to be performed on?
$resource = new Resource('xrn:aws:s3:eu-west-1:12345:some-bucket');


// Load policies from a file
$loader = new JsonPolicyLoader();
$policy = $loader->load(__DIR__ . '/resource-policy1.json');

// Add the loaded policy to the context
$context->addResourcePolicy($resource, $policy);

// Check if the identity is allowed to perform the action on the resource
if ($context->isAllowed($identity, $resource, $action)) {
    echo "Action is allowed on this resource by this identity";
} else {
    echo "Action is denied on this resource by this identity";
}
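
The README does not show what `resource-policy1.json` contains or how a decision is reached, so the following is an added example, not code from the Xillion project. It illustrates the Amazon IAM evaluation model the framework says it is based on: default deny, with an explicit Deny overriding any Allow. The policy layout, `evaluate()` and `matches()` are assumptions for illustration, not Xillion's schema or API.

```php
<?php
// Added illustration, not Xillion code: evaluate() and matches() are hypothetical,
// and the policy layout is an assumption modelled on AWS policy documents.
// Constructed sample policy for the bucket used in the README example.
$policyJson = <<<'JSON'
{"Statement": [
  {"Effect": "Allow", "Principal": {"AWS": ["xrn:aws:iam::AWS-account-ID:user/bob"]},
   "Action": ["s3:List*", "s3:GetObject"], "Resource": ["xrn:aws:s3:eu-west-1:12345:some-bucket"]},
  {"Effect": "Deny", "Principal": {"AWS": ["*"]},
   "Action": ["s3:Delete*"], "Resource": ["xrn:aws:s3:eu-west-1:12345:*"]}
]}
JSON;

// True if $value matches any pattern; '*' is the only wildcard.
function matches(array $patterns, string $value): bool
{
    foreach ($patterns as $pattern) {
        $regex = '/^' . str_replace('\*', '.*', preg_quote($pattern, '/')) . '$/';
        if (preg_match($regex, $value) === 1) {
            return true;
        }
    }
    return false;
}

// Default deny; an explicit Deny overrides any Allow.
function evaluate(array $policy, string $type, string $id, string $action, string $resource): bool
{
    $allowed = false;
    foreach ($policy['Statement'] as $s) {
        if (!matches($s['Principal'][$type] ?? [], $id)
            || !matches($s['Action'], $action)
            || !matches($s['Resource'], $resource)) {
            continue; // statement does not apply to this request
        }
        if ($s['Effect'] === 'Deny') {
            return false;
        }
        $allowed = true;
    }
    return $allowed;
}

$policy = json_decode($policyJson, true, 512, JSON_THROW_ON_ERROR);
$bob = 'xrn:aws:iam::AWS-account-ID:user/bob';
$bucket = 'xrn:aws:s3:eu-west-1:12345:some-bucket';
var_dump(evaluate($policy, 'AWS', $bob, 's3:ListBucket', $bucket));   // request covered by the Allow statement
var_dump(evaluate($policy, 'AWS', $bob, 's3:DeleteBucket', $bucket)); // request covered by the Deny statement
var_dump(evaluate($policy, 'AWS', $bob, 's3:PutObject', $bucket));    // request covered by no statement
```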

License

MIT (see LICENSE)

Brought to you by the LinkORB Engineering team

Check out our other projects at linkorb.com/engineering.

Btw, we're hiring!