To show how the CBAS module can be used in an example use case, a set of tests was written and included in the repository. These tests showcase the currently supported API and serve as a good example of how a developer would use the CBAS library to implement authorization for their use case.
We first show how an instance of the CBAS library can be used to issue capabilities authorizing the holder to perform some actions on certain resources. The tests for getGrantsForCapability and canGrantPrivilege further show how the issued capability can be evaluated against a governance framework document (specifically the SGL statements in the rules section) to grant certain defined privileges.
These useful helpers can aid the client in finding the appropriate capabilities for a request, and the server in evaluating / verifying received capabilities. The rest of the tests focus on the evaluateCapability and evaluateInvocation functions, which can be used to verify the signature and expiry date on a capability / invocation, and evaluate it against the rules defined in the governance framework.
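The flow described above (issue a capability, verify its signature and expiry, then evaluate it against the rules of a governance framework) is sketched below as an added example; it is not code from the CBAS repository and does not use the CBAS API. The function names `issue`, `grantsFor` and `holdsPrivilege`, the capability layout, the Ed25519 signing choice and the rule set are all assumptions, and the rules use only a simplified SGL-style subset (`roles`, `any`, `all`).

```javascript
// Added illustration, NOT the CBAS API: all names and the capability layout are hypothetical.
const crypto = require('node:crypto');

// Constructed governance framework: each rule grants privileges when its condition holds.
const framework = { rules: [
  { grant: ['read-record'], when: { any: [{ roles: 'doctor' }, { roles: 'nurse' }] } },
  { grant: ['write-record'], when: { all: [{ roles: 'doctor' }, { roles: 'on-duty' }] } },
] };

// Bytes that get signed: every field except the signature itself.
const payload = ({ signature, ...body }) => Buffer.from(JSON.stringify(body));

// Issue a signed capability (constructed format) for a holder with the given roles.
function issue(privateKey, holder, roles, expires) {
  const cap = { holder, roles, expires };
  cap.signature = crypto.sign(null, payload(cap), privateKey).toString('base64');
  return cap;
}

// Evaluate one condition (simplified subset: roles, any, all) against the holder's roles.
function matches(when, roles) {
  if (when.any) return when.any.some((c) => matches(c, roles));
  if (when.all) return when.all.every((c) => matches(c, roles));
  return typeof when.roles === 'string' && roles.includes(when.roles);
}

// Verify signature and expiry first, then consult the rules. Fail closed on any error.
function grantsFor(cap, issuerPublicKey, rules, now = new Date()) {
  try {
    const sig = Buffer.from(cap.signature, 'base64');
    if (!crypto.verify(null, payload(cap), issuerPublicKey, sig)) return [];
    const exp = Date.parse(cap.expires);
    if (Number.isNaN(exp) || exp <= now.getTime()) return [];
    if (!Array.isArray(cap.roles)) return [];
    const hits = rules.filter((r) => matches(r.when, cap.roles));
    return [...new Set(hits.flatMap((r) => r.grant))];
  } catch { return []; }
}

// Server-side check for a single privilege.
const holdsPrivilege = (cap, key, rules, privilege, now) =>
  grantsFor(cap, key, rules, now).includes(privilege);

// Constructed demo: one valid capability and one copy with roles edited after signing.
const issuer = crypto.generateKeyPairSync('ed25519');
const cap = issue(issuer.privateKey, 'did:example:alice', ['doctor'], '2999-01-01T00:00:00Z');
console.log(grantsFor(cap, issuer.publicKey, framework.rules));
console.log(grantsFor({ ...cap, roles: ['doctor', 'on-duty'] }, issuer.publicKey, framework.rules));
```

The second call returns no grants because the edited roles no longer match the signed payload, which is why the signature check has to precede rule evaluation.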