Hi, are there any examples of ABAC implementation ...
# community
v
Hi, are there any examples of ABAC implementation using Cerbos? Any example in git?
a
Plenty! Here is a reference getting started repo that implements a CRUD API https://github.com/cerbos/example-cerbos-policy-repository/tree/main What is your use case?
j
That's a broad question. What exactly do you mean?
v
We have authentication and RBAC done using Keycloak. We want to try out ABAC with Cerbos, or move the whole authorization to Cerbos. Before we take the jump, we want to see how it works with Cerbos.
j
In a nutshell - you write YAML files, Cerbos reads them, and these YAML files contain all the "if-then-else" rules. Your application then calls the Cerbos REST API to evaluate the rules and get a response back saying access allowed or access denied.
v
Thanks for sharing the link. Will check the details to understand more.
Any AWS-type ABAC examples with Cerbos?
a
Sorry, what do you mean by AWS examples?
v
In AWS, they use key-value pairs for tags to decide the access control in ABAC. A good example is below. The value of the "access-project" key is checked to take a decision.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TutorialAssumeRole",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::account-ID-without-hyphens:role/access-*",
            "Condition": {
                "StringEquals": {
                    "iam:ResourceTag/access-project": "${aws:PrincipalTag/access-project}",
                    "iam:ResourceTag/access-team": "${aws:PrincipalTag/access-team}",
                    "iam:ResourceTag/cost-center": "${aws:PrincipalTag/cost-center}"
                }
            }
        }
    ]
}
The doubt is: in Cerbos, does it use key-value pairs of tags? Or are there any example projects like the above which I can take a look at? PS: https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_attribute-based-access-control.html