> user ---n:m--- role ---n:m--- resource > I'm not sure what this means.
> While some inconsistencies may be acceptable, resource ownership (i.e. > role=owner) must never ever be mixed up. > > If you are working at a high enough Consistent Level there Cassandra will provide consistent behaviour. Row level isolation in 1.1. will also help. The best thing to do is come up with a design and ask for opinions. Cheers ----------------- Aaron Morton Freelance Developer @aaronmorton http://www.thelastpickle.com On 20/03/2012, at 7:47 PM, Maciej Miklas wrote: > Hi *, > > I would like to know your opinion about using Cassandra to implement a > RBAC-like authentication & authorization model. We have simplified the > central relationship of the general model > (http://en.wikipedia.org/wiki/Role-based_access_control) to: > > user ---n:m--- role ---n:m--- resource > > user(s) and resource(s) are indexed with externally visible identifiers. > These identifiers need to be "re-ownable" (think: mail aliases), too. > > The main reason to consider Cassandra is the availability, scalability and > (global) geo-redundancy. This is hard to achieve with a RBDMS. > > On the other side, RBAC has many m:n relations. While some inconsistencies > may be acceptable, resource ownership (i.e. role=owner) must never ever be > mixed up. > > What do you think? Is such relational model an antipattern for Cassandra > usage? Do you know similar solutions based on Cassandra? > > > > Regards, > > Maciej > > > > ps. I've posted this question also on stackoverflow, but I would like to also > get feedback from Cassandra community. > > > > > >
