Backstory
Before I became a full-time developer on a PHP team in 2018, I had been studying role based authorization (RBA) for an Elixir application I was developing part-time. Ever since, I have missed working in Elixir.
To sharpen my Elixir skills, I want to create an RBA library. There are a few existing libraries, but they seem to be intended for single-tenant applications. I think there is room for a multi-tenant library for B2B applications that serve multiple businesses.
Arbiter
So far, I have written about the intent and preliminary design in the readme. I have also created the modules I expect to need, and started writing tests for the Organization module. I’m hoping to TDD this project to discover the optimal abstractions and to satisfy potential security requirements.
As I get started on the design, I want to hear from potential users to test my ideas. It’s worth noting that this is my first open source project. I have been working on internal PHP applications and a custom framework, but nothing public-facing. I’ve learned the importance of hearing from users before spending hours/weeks on implementation.
Question Time
- Have you used one of the existing libraries or built custom RBA tools?
- What were the benefits and pain points?
- Do I need a Policy module?
- What are some possible hard requirements for adoption?
- Could the library accept (potentially decorate) a User struct from other auth libraries/modules?
  - How?
- If Ecto is a dependency, should it default to ETS, SQLite, or Postgres?
- Could/should the library avoid persistence entirely, leaving that to the user?
- Would telemetry be useful in this kind of library?
- Do you have any other suggestions?