| author | mo khan <mo@mokhan.ca> | 2025-03-31 13:47:36 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-03-31 13:47:36 -0600 |
| commit | 65f0f8c6e92a190b6c20b06dfb90852d960c37d8 (patch) | |
| tree | 1126043ddb76661d2e5f9e2ac680bd49d2591f5c /doc/share/authz | |
| parent | 121a053afafa9e958e654a28bad5bfb799cadc53 (diff) | |
docs: add selection criteria scorecard
Diffstat (limited to 'doc/share/authz')
| -rw-r--r-- | doc/share/authz/POLICY.md | 53 | ||||
| -rw-r--r-- | doc/share/authz/README.md | 6 |
2 files changed, 56 insertions, 3 deletions
diff --git a/doc/share/authz/POLICY.md b/doc/share/authz/POLICY.md index eccf362..16a0a57 100644 --- a/doc/share/authz/POLICY.md +++ b/doc/share/authz/POLICY.md @@ -47,6 +47,59 @@ PaC policy engine characteristics: --------- ``` +Selection Criteria: + +* Alignment + - Technical Capabilities of team. + - Internal strategy for how tools and applications are adopted/managed. + - Fits the need and internal standards driving the decision + - Primary use cases match our use cases +* Analytics + - logging + - metrics + - auditing +* Automation + - CI/CD Pipelines + - Automated Deployments +* Documentation + - Examples + - Patterns + - Understandable +* Adoption + - Who is using this? + - How much adoption has this project seen? + - Active? + - Project Maturity + - Support Model + - Intuitive +* Complexity + - Installation + - Deployment + - Configuration + - Operation Modes (server, library, CLI) +* Reporting + * Standard reporting tools e.g. [OSCAL](https://pages.nist.gov/OSCAL/) +* Security + * Risks, vulnerabilities + * Tools and processes for security issue discovery +* Extensibility + * Can custom code be written to extend the language. + +Scorecard + +| Selection Criteria | Casbin | Cedar | Rego | +| ------------------ | ------ | ----- | ---- | +| Alignment | | | | +| Analytics | | | | +| Adoption | | | | +| Automation | | | | +| Documentation | | | | +| Complexity | | | | +| Reporting | | | | +| Security | | | | +| Extensibility | | | | +| Total | | | | + ## Security Context/Scope 1. Single resource diff --git a/doc/share/authz/README.md b/doc/share/authz/README.md index b052ea8..75c7757 100644 --- a/doc/share/authz/README.md +++ b/doc/share/authz/README.md @@ -13,10 +13,10 @@ identity of subjects and/or groups to which they belong. * [What is a policy?](./POLICY.md) * Policy Language Evaluation - * Zanzibar - * [Dafny](https://dafny.org/) - * Cedar * Casbin + * Cedar + * [Dafny](https://dafny.org/) + * Rego Criteria for evaluating policy languages: |
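Review bot: The Scorecard table in POLICY.md has a `Total` row but defines no scoring scale or weighting, so two reviewers filling in Casbin, Cedar and Rego would not produce comparable totals. Add a sentence above the table stating the scale per criterion and whether all nine criteria count equally. The table rows also run Alignment, Analytics, Adoption, Automation, Documentation, while the list above runs Alignment, Analytics, Automation, Documentation, Adoption; use one order in both. Smaller points in the list: the first six groups use `-` for sub-items and Reporting, Security and Extensibility use `*`; "Intuitive" sits under Adoption but reads like a Complexity or Documentation concern; "Can custom code be written to extend the language." is a question and should end with `?`.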
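Review bot: The README.md hunk drops Zanzibar from the Policy Language Evaluation list and adds Rego, which the commit subject "docs: add selection criteria scorecard" does not mention; call out the change of candidates in the commit message or split it into its own commit. The list still contains Dafny, but the scorecard added to POLICY.md only has columns for Casbin, Cedar and Rego, so either add a Dafny column or say why it is not scored. Dafny is the only entry with a link; linking Casbin, Cedar and Rego the same way would keep the list consistent.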
