Supported Models

1. ACL (Список контролю доступу)
2. ACL з суперкористувачем
3. ACL without users: Particularly useful for systems lacking authentication mechanisms or user login functionality.
4. ACL without resources: Appropriate when permissions target resource types rather than individual resources. Examples include permissions like "write-article" and "read-log" that don't govern access to specific articles or logs.
5. RBAC (Контроль доступу на основі ролей)
6. RBAC with resource roles: Allows both users and resources to possess roles (or group memberships) simultaneously.
7. RBAC with domains/tenants: Enables users to hold different role sets across different domains or tenants.
8. ABAC (Attribute-Based Access Control): Utilizes convenient syntax like "resource.Owner" to access resource attributes.
9. PBAC (Policy-Based Access Control): A versatile access control approach where authorization decisions derive from rule-based policies, enabling dynamic, context-aware access control.
10. BLP (Bell-LaPadula): A formal state transition security model defining access control rules through security labels on objects and subject clearances.
11. Biba (Biba Integrity Model): A security model controlling information flow to maintain data integrity and prevent unauthorized modifications.
12. LBAC (Lattice-Based Access Control): A formal model merging confidentiality and integrity controls within a unified framework, using lattice structures for detailed access control decisions.
13. OrBAC (Organisation-Based Access Control): Extends RBAC through abstraction layers separating concrete entities from abstract security policies, facilitating flexible multi-organizational access control.
14. UCON (Usage Control): A modern access control model emphasizing ongoing authorization, mutable attributes, and a comprehensive framework encompassing authorizations, obligations, and conditions.
15. RESTful: Handles path patterns such as "/res/*" and "/res/:id", along with HTTP methods including "GET", "POST", "PUT", and "DELETE".
16. IP Match: Enables IP address-based matching for network-level access control.
17. Deny-override: Accommodates both allow and deny authorizations, with deny taking precedence over allow.
18. Priority: Permits prioritization of policy rules similar to firewall rule ordering.

Приклади

Модель	Файл моделі	Файл політики
ACL	basic_model.conf	basic_policy.csv
ACL з суперкористувачем	basic_with_root_model.conf	basic_policy.csv
ACL без користувачів	basic_without_users_model.conf	basic_without_users_policy.csv
ACL без ресурсів	basic_without_resources_model.conf	basic_without_resources_policy.csv
RBAC	rbac_model.conf	rbac_policy.csv
RBAC з ролями ресурсів	rbac_with_resource_roles_model.conf	rbac_with_resource_roles_policy.csv
RBAC з доменами/орендарями	rbac_with_domains_model.conf	rbac_with_domains_policy.csv
ReBAC	rebac_model.conf	rebac_policy.csv
ABAC	abac_model.conf	N/A
BLP	blp_model.conf	N/A
Biba	biba_model.conf	N/A
LBAC	lbac_model.conf	N/A
OrBAC	orbac_model.conf	orbac_policy.csv
IP Match	ipmatch_model.conf	ipmatch_policy.csv
RESTful	keymatch_model.conf	keymatch_policy.csv
Deny-override	rbac_with_not_deny_model.conf	rbac_with_deny_policy.csv
Allow-and-deny	rbac_with_deny_model.conf	rbac_with_deny_policy.csv
Пріоритет	priority_model.conf	priority_policy.csv
Явний Пріоритет	priority_model_explicit	priority_policy_explicit.csv
Пріоритет Суб'єкта	subject_priority_model.conf	subject_priority_policyl.csv