Jresearch Software Blog
The Birth of Flexess
Jan 26, 2009 by Ekaterina Gorshkova
One day I realized that if I wanted to have a security framework, I needed to implement it myself. The problem that bothered me most of all was authorization. I was pretty happy with the cryptography provided by standard Java and various authentication methods provided by acegi, but I was basically missing two things:
- The ability to grant access to objects based on the values of their attributes; and
- Being able to easily configure the logic of access management by having the possibility to change access rules through some tool with a user interface.
Another painful problem is the security model. The most popular access control paradigm is role-based access control, which defines concepts like roles, users and permissions. But what entity do we actually protect? Do we protect an object? Or a method of an object? What is permission? Does it only have an identifier or is it an object with a complex structure? Those were the questions that I felt needed answering.
Flexess is our attempt to answer those questions. Our project didn't appear in one day but it was a very long and hard process. First we created a conceptual model of our framework that we ended up throwing away after some time.
Afterwards, when we succeeded in building a model that all of us liked, we started implementation. As you can guess, several of our first attempts went in the garbage can but now we finally have a result that we're all happy with. Even if you decide not to use our solution, I hope that you will at least find some useful ideas here. Stay with us.
Next post is coming in a week ...



