path: root/.html/authnz
Diffstat (limited to '.html/authnz')
-rw-r--r--  .html/authnz/_list.html                  88
-rw-r--r--  .html/authnz/index.html                  88
-rw-r--r--  .html/authnz/users-rolegraph-privs.html  197
3 files changed, 373 insertions, 0 deletions
diff --git a/.html/authnz/_list.html b/.html/authnz/_list.html
new file mode 100644
index 0000000..c7948ab
--- /dev/null
+++ b/.html/authnz/_list.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>
+ The Codex »
+ ls /authnz
+ </title>
+
+ <link
+ rel='stylesheet'
+ type='text/css'
+ href='http://fonts.googleapis.com/css?family=Buenard:400,700&amp;subset=latin,latin-ext'>
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/reset.css">
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/grimoire.css">
+</head>
+<body>
+
+<div id="shell">
+
+ <ol id="breadcrumbs">
+
+ <li class="crumb-0 not-last">
+
+ <a href="../">index</a>
+
+ </li>
+
+ <li class="crumb-1 not-last">
+
+ <a href="./">authnz</a>
+
+ </li>
+
+ <li class="crumb-2 last">
+
+ <span class="list-crumb">list</span>
+
+ </li>
+
+ </ol>
+
+
+
+ <div id="listing">
+ <h1><code>ls /authnz</code></h1>
+
+
+
+
+ <div id="pages">
+ <h2>Pages</h2>
+ <ul>
+
+ <li><a href="users-rolegraph-privs">A Users, Roles &amp; Privileges Scheme Using Graphs</a></li>
+
+ </ul>
+ </div>
+
+
+
+ </div>
+
+
+
+
+
+
+ <div id="footer">
+ <p>
+
+ The Codex —
+
+ Powered by <a href="http://markdoc.org/">Markdoc</a>.
+
+<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/authnz">See this directory on Bitbucket</a>.
+
+ </p>
+ </div>
+
+</div>
+</body>
+</html> \ No newline at end of file
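Review bot: the Google Fonts stylesheet is loaded over plain HTTP (`href='http://fonts.googleapis.com/css?family=Buenard:400,700&amp;subset=latin,latin-ext'`), so any on-path party can replace the CSS, and the page becomes mixed content as soon as it is served over HTTPS; change the scheme to `https://` or drop the external font. The file is also committed without a trailing newline (`\ No newline at end of file`), which will make every later diff to it noisier than it needs to be.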
diff --git a/.html/authnz/index.html b/.html/authnz/index.html
new file mode 100644
index 0000000..c7948ab
--- /dev/null
+++ b/.html/authnz/index.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>
+ The Codex »
+ ls /authnz
+ </title>
+
+ <link
+ rel='stylesheet'
+ type='text/css'
+ href='http://fonts.googleapis.com/css?family=Buenard:400,700&amp;subset=latin,latin-ext'>
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/reset.css">
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/grimoire.css">
+</head>
+<body>
+
+<div id="shell">
+
+ <ol id="breadcrumbs">
+
+ <li class="crumb-0 not-last">
+
+ <a href="../">index</a>
+
+ </li>
+
+ <li class="crumb-1 not-last">
+
+ <a href="./">authnz</a>
+
+ </li>
+
+ <li class="crumb-2 last">
+
+ <span class="list-crumb">list</span>
+
+ </li>
+
+ </ol>
+
+
+
+ <div id="listing">
+ <h1><code>ls /authnz</code></h1>
+
+
+
+
+ <div id="pages">
+ <h2>Pages</h2>
+ <ul>
+
+ <li><a href="users-rolegraph-privs">A Users, Roles &amp; Privileges Scheme Using Graphs</a></li>
+
+ </ul>
+ </div>
+
+
+
+ </div>
+
+
+
+
+
+
+ <div id="footer">
+ <p>
+
+ The Codex —
+
+ Powered by <a href="http://markdoc.org/">Markdoc</a>.
+
+<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/authnz">See this directory on Bitbucket</a>.
+
+ </p>
+ </div>
+
+</div>
+</body>
+</html> \ No newline at end of file
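Review bot: this file is byte-for-byte identical to `.html/authnz/_list.html` added in the same commit (both carry blob index `c7948ab` and the same 88 lines), so two generated copies of one listing are being checked in and will drift apart on the next regeneration; if the generator really needs both names, emit one and link or redirect to it from the other. The `http://fonts.googleapis.com` stylesheet point raised on `_list.html` applies here unchanged.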
diff --git a/.html/authnz/users-rolegraph-privs.html b/.html/authnz/users-rolegraph-privs.html
new file mode 100644
index 0000000..79e1bbe
--- /dev/null
+++ b/.html/authnz/users-rolegraph-privs.html
@@ -0,0 +1,197 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>
+ The Codex »
+ A Users, Roles &amp; Privileges Scheme Using Graphs
+ </title>
+
+ <link
+ rel='stylesheet'
+ type='text/css'
+ href='http://fonts.googleapis.com/css?family=Buenard:400,700&amp;subset=latin,latin-ext'>
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/reset.css">
+ <link
+ rel="stylesheet"
+ type="text/css"
+ href="../media/css/grimoire.css">
+</head>
+<body>
+
+<div id="shell">
+
+ <ol id="breadcrumbs">
+
+ <li class="crumb-0 not-last">
+
+ <a href="../">index</a>
+
+ </li>
+
+ <li class="crumb-1 not-last">
+
+ <a href="./">authnz</a>
+
+ </li>
+
+ <li class="crumb-2 last">
+
+ users-rolegraph-privs
+
+ </li>
+
+ </ol>
+
+
+
+ <div id="article">
+ <h1 id="a-users-roles-privileges-scheme-using-graphs">A Users, Roles &amp; Privileges Scheme Using Graphs</h1>
+<p>The basic elements:</p>
+<ul>
+<li>Every agent that can interact with a system is represented by a <strong>user</strong>.</li>
+<li>Every capability the system has is authorized by a distinct <strong>privilege</strong>.</li>
+<li>Each user has a list of zero or more <strong>roles</strong>.<ul>
+<li>Roles can <strong>imply</strong> further roles. This relationship is transitive: if
+ role A implies role B, then a member of role A is a member of role B; if
+ role B also implies role C, then a member of role A is also a member of
+ role C. It helps if the resulting role graph is acyclic, but it's not
+ necessary.</li>
+<li>Roles can <strong>grant</strong> privileges.</li>
+</ul>
+</li>
+</ul>
+<p>A user's privileges are the union of the privileges granted by the transitive
+closure of their roles.</p>
+<h2 id="in-sql">In SQL</h2>
+<pre><code>create table "user" (
+ username varchar
+ primary key
+ -- credentials &amp;c
+);
+
+create table role (
+ name varchar
+ primary key
+);
+
+create table role_member (
+ role varchar
+ not null
+ references role,
+ member varchar
+ not null
+ references "user",
+ primary key (role, member)
+);
+
+create table role_implies (
+ role varchar
+ not null
+ references role,
+ implied_role varchar
+ not null
+);
+
+create table privilege (
+ privilege varchar
+ primary key
+);
+
+create table role_grants (
+ role varchar
+ not null
+ references role,
+ privilege varchar
+ not null
+ references privilege,
+ primary key (role, privilege)
+);
+</code></pre>
+<p>If your database supports recursive CTEs, querying this isn't awful, since we
+can have the database do all the graph-walking along roles:</p>
+<pre><code>with recursive user_roles (role) AS (
+ select
+ role
+ from
+ role_member
+ where
+ member = 'SOME USERNAME'
+ union
+ select
+ implied_role as role
+ from
+ user_roles
+ join role_implies on
+ user_roles.role = role_implies.role
+)
+select distinct
+ role_grants.privilege as privilege
+from
+ user_roles
+ join role_grants on
+ user_roles.role = role_grants.role
+order by privilege;
+</code></pre>
+<p>If not, get a better database. Recursive graph walking with network round
+trips at each step is stupid and you shouldn't do it.</p>
+<p>Realistic uses should have fairly simple graphs: elemental privileges are
+grouped into abstract roles, which are in turn grouped into meaningful roles
+(by department, for example), which are in turn granted to users. In
+PostgreSQL, the above schema handles ~10k privileges and ~10k roles with
+randomly-generated graph relationships in around 100ms on my laptop, which is
+pretty slow but not intolerable. Perverse cases (interconnected total
+subgraphs, deeply-nested linear graphs) can take absurd time but do not
+reflect any likely permissions scheme.</p>
+<h2 id="what-sucks">What Sucks</h2>
+<ul>
+<li>Graph theory in my authorization system? It's more likely than you think.</li>
+<li>There's no notion of revoking a privilege. If you have a privilege by any
+ path through your roles, then it cannot be revoked except by removing all of
+ the paths that lead back to that privilege.</li>
+<li>Not every system has an efficient way to compute these graphs.<ul>
+<li>PostgreSQL, as given above, has a hard time with unrealistically-deep
+ nested roles.</li>
+</ul>
+</li>
+</ul>
+ </div>
+
+
+
+<div id="comments">
+<div id="disqus_thread"></div>
+<script type="text/javascript">
+ /* * * CONFIGURATION VARIABLES: EDIT BEFORE PASTING INTO YOUR WEBPAGE * * */
+ var disqus_shortname = 'grimoire'; // required: replace example with your forum shortname
+
+ /* * * DON'T EDIT BELOW THIS LINE * * */
+ (function() {
+ var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
+ dsq.src = 'http://' + disqus_shortname + '.disqus.com/embed.js';
+ (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq);
+ })();
+</script>
+<noscript>Please enable JavaScript to view the <a href="http://disqus.com/?ref_noscript">comments powered by Disqus.</a></noscript>
+<a href="http://disqus.com" class="dsq-brlink">comments powered by <span class="logo-disqus">Disqus</span></a>
+</div>
+
+
+
+ <div id="footer">
+ <p>
+
+ The Codex —
+
+ Powered by <a href="http://markdoc.org/">Markdoc</a>.
+
+<a href="https://bitbucket.org/ojacobson/grimoire.ca/src/master/wiki/authnz/users-rolegraph-privs.md">See this page on Bitbucket</a> (<a href="https://bitbucket.org/ojacobson/grimoire.ca/history-node/master/wiki/authnz/users-rolegraph-privs.md">history</a>).
+
+ </p>
+ </div>
+
+</div>
+</body>
+</html> \ No newline at end of file
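Review bot: in the schema block, `role_implies` is the only join table with neither a foreign key on its second column nor a primary key: `implied_role varchar not null` has no `references role`, and there is no `primary key (role, implied_role)`, so the table accepts implications pointing at roles that do not exist and duplicate edges, unlike `role_member` and `role_grants` which constrain both. Add `references role` and the composite primary key. The recursive CTE that follows terminates on a cyclic role graph only because it uses `union` rather than `union all` (PostgreSQL discards rows already produced, so a cycle yields nothing new); the prose says an acyclic graph "is not necessary", which is true for this query, but that dependency deserves a comment next to the `union` so nobody swaps it for `union all` for speed and turns a cycle into a non-terminating query. The `member = 'SOME USERNAME'` literal should be a bound parameter in any code that adopts this query. Separately, the Disqus embed builds its script URL as `'http://' + disqus_shortname + '.disqus.com/embed.js'`: a third-party script injected over plaintext HTTP hands script execution on this page to any on-path party, so use `https://` there.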