Skip to content
/ casbin-ucon Public

A UCON (Usage Control) extension for Casbin that provides session-based access control with conditions, obligations, and continuous monitoring

github.com/casbin/casbin

License

Apache-2.0 license
1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

casbin/casbin-ucon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
ucon_enforcer.go
ucon_enforcer.go
 
 
ucon_enforcer_interface.go
ucon_enforcer_interface.go
 
 

Repository files navigation

casbin-ucon

A UCON (Usage Control) extension for Casbin that provides session-based access control with conditions, obligations, and continuous monitoring.

Overview

Casbin-UCON extends Casbin with UCON (Usage Control) capabilities, enabling:

  • Session-based access control with dynamic attributes
  • Condition evaluation for contextual constraints
  • Obligation execution for required actions
  • Continuous monitoring for ongoing authorization

Installation

go get github.com/casbin/casbin-ucon

Quick Start

package main

import (
    "github.com/casbin/casbin/v2"
    "github.com/casbin/casbin-ucon"
)

func main() {
    // Create standard Casbin enforcer
    e, _ := casbin.NewEnforcer("model.conf", "policy.csv")

    // Wrap with UCON functionality
    uconE := ucon.NewUconEnforcer(e)

    // Add conditions
    condition := &ucon.Condition{
        ID:   "time_condition",
        Type: "temporal",
        Expr: "working_hours",
    }
    uconE.AddCondition(condition)

    // Add obligations
    obligation := &ucon.Obligation{
        ID:   "log_access",
        Type: "post",
        Expr: "audit_log",
    }
    uconE.AddObligation(obligation)

        // Create a session
    sessionID, _ := uconE.CreateSession("alice", "read", "document1", map[string]interface{}{
        "department": "engineering",
        "clearance":  "secret",
    })

    // UCON session-based enforcement
    if res, err := uconE.EnforceWithSession(sessionID); res {
        // the session has started
    }else{
        // deny the request, show an error
    }
}

Basic API

// Enhanced enforcement
EnforceWithSession(sessionID string) (bool, error)

// Session management
CreateSession(subject, action, object string, attributes map[string]interface{}) (string, error)
GetSession(sessionID string) (*SessionImpl, error)
RevokeSession(sessionID string) error

// Condition  management
AddCondition(condition *ConditionImpl) error
EvaluateConditions(sessionID string) (bool, error)
//obligation management
AddObligation(obligation *ObligationImpl) error
ExecuteObligations(sessionID string) error

// Monitoring
StartMonitoring(sessionID string) error
StopMonitoring(sessionID string) error

Status

Development Status: This project is in an early development stage and features may change frequently.

Current Features:

  • Core interface definitions
  • Basic session management
  • Foundation for conditions, obligations, and monitoring
  • Full Casbin compatibility

License

Apache 2.0 License - see LICENSE for details.

About

A UCON (Usage Control) extension for Casbin that provides session-based access control with conditions, obligations, and continuous monitoring

github.com/casbin/casbin

Topics

go golang model session auth authorization permission access-control authz casbin usage-control ucon

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Sponsor this project

 
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 2

  •  
  •  

Languages