GitHub Quickstart

The GitHub scenario is an example of how to implement an authorization policy using a hierarchical, nested relationship-based access control (ReBAC) model.

The GitHub Quickstart includes:

• A domain model for GitHub, including organization, team, and repo object types, owner, admin, maintainer, writer, triager, and reader relationships, and can_read, can_triage, can_write, can_maintain, can_delete, and can_administer permissions.
• A policy instance called github which uses a boilerplate authorization policy called policy-rebac. This policy simply uses the underlying relationships to determine access.
• A connection to the Citadel Demo IDP, which contains five demo users based on the Rick & Morty cartoon.
• Sample resources, including Organizations such as citadel smiths, and Repos such as citadel.missions and smiths.budget. Rick & Morty have owner, writer, and reader relationships to these resources, demonstrating a relationship-based (ReBAC) model.
• A back-end API that uses the github policy for authorization, implemented in several languages.
• An interactive tutorial which helps construct curl requests to test the back-end API.

As you go through the Quickstart, you'll learn the following:

• How to instantiate the GitHub template.
• How to browse the directory and examine the manifest.
• How to evaluate policy decisions within the Aserto Evaluator.
• How to download and run the GitHub back-end API.
• How to construct curl requests to the back-end in order to test out the API.

Prerequisites

To follow this Quickstart you'll need to have an Aserto account. If you do not have one, you can create one here. Once you have created your tenant, you can continue.