Hi IPMC,

I would like to propose Casbin [1] as a new Apache Incubator project. You can find the proposal of Casbin [2] for more details.

[1] https://github.com/casbin/casbin
[2] https://cwiki.apache.org/confluence/display/INCUBATOR/Casbin+Proposal

I'm acting as the champion, and we have 5 mentors (including me) so far.

Full context inlined for easy reading below.

Casbin Proposal

Abstract

Casbin is a powerful, open-source access control framework that provides a unified, model-driven approach to authorization. Through its domain-specific language (DSL), Casbin seamlessly integrates ACL, RBAC, and ABAC models, enabling flexible and fine-grained policy management. It delivers high-performance access control enforcement and offers a broad multi-language ecosystem, including Go, Java, Node.js, JavaScript, Python, .NET, C++, and Rust.

Proposal

Casbin is an open-source access control library. The core idea is simple: pull authorization logic out of your code and put it into configuration files/databases.

1. Various access control models

Casbin uses the PERM metamodel (Policy, Effect, Request, Matchers). You write a .conf model file and a policy file, and you get ACL, RBAC, ABAC, ReBAC, or other access control models as required. Changing your permission model is just editing config; no code changes required. You can even mix RBAC roles with ABAC attributes in the same policy.

2. Multi-language support

Casbin has native implementations in multiple languages (Go, Java, Python, Node.js, Rust, C++, .NET, Ruby, and more) with consistent APIs across all of them. Teams working across different stacks can share a common understanding of how permissions work without having to hunt for a separate authorization solution for each language.

3. Middlewares

Policies can live in memory, in files, or across dozens of backends (MySQL, PostgreSQL, MongoDB, Redis, etc.) via adapters. Role management integrates with enterprise identity providers like LDAP, Okta, and Auth0. For multi-instance deployments, the Watcher mechanism keeps policies in sync. There's also an online editor for debugging models and policies.

4. Performance

Policy evaluation happens in memory with predictable latency. In large-scale multi-tenant scenarios, filtered loading lets you load only the policies you need, rather than the entire set.

Casbin was originally built for cloud-native and microservice architectures. It's now running in production at many internet companies, SaaS products, and internal platforms.

The decision to donate Casbin to the ASF was made through a community vote: https://github.com/casbin/casbin/issues/1625.

We believe bringing Casbin into the Apache Incubator would add valuable diversity to the community.

Background

Casbin has been developed by an open-source community from day one under the Apache License 2.0. The project was launched in April 2017.

Rationale

Casbin provides a unified authorization and access control abstraction layer that simplifies integrating different access control models and policy backends. In addition, Casbin offers advanced authorization capabilities, including fine-grained policy management, pluggable extensions (adapters, role managers, watchers, effectors), and a rich ecosystem of tools for policy editing and administration. Casbin enables you to define authorization rules once and apply them consistently across multiple languages, frameworks, and systems.

Initial Goals

- Build a more diverse community by attracting more contributors.
- Promote the adoption and integration of Casbin by ensuring its neutrality and sustainability.
- Gather more user feedback and become one of the standard implementations of access control interfaces.

Current Status

Meritocracy

Casbin was developed by Yang Luo at Peking University in 2017. Zixuan Liu, the maintainer of the Node.js version, joined later, and in 2020, Zihui Liu, the maintainer of the JavaScript version, also joined. Afterwards, many developers became core contributors. Since it was open-sourced, Casbin has attracted strong interest from both companies and individual developers.
We will continue to support new contributors, and those who submit high-quality contributions will be invited to become committers.

The Casbin project is being donated to the Apache Software Foundation by Yang Luo in an individual capacity. Yang Luo, as the original creator, will sign the SGA to formally transfer the intellectual property rights to the ASF.

Community

Contributors: 152
See: https://github.com/casbin/casbin/graphs/contributors

Users:

- Argo CD: Declarative Continuous Deployment for Kubernetes
- OpenShift: The developer and operations-friendly Kubernetes distro
- Apache Pulsar: Distributed pub-sub messaging system
- Apache APISIX: The Cloud-Native API Gateway and AI Gateway
- Casdoor: Identity and Access Management platform
- Harbor: An open source, trusted cloud native registry project that stores, signs, and scans content
- Skydive: An open source real-time network topology and protocols analyzer

Core Developers

The core developers are all experienced open-source developers. They have been running the Casbin community for over eight years.

Alignment

Casbin works well with Pulsar, APISIX, and many other ASF projects. The Casbin codebase is already under the Apache License 2.0.

Known Risks

Project Name

We have checked and consider the name appropriate, and the project is entitled to continue using its current name. The current project lead, Yang Luo, has registered the “Casbin” trademark and will donate it to the ASF.

Orphan Products

Casbin is already being used by many companies and open-source communities globally. The current developers will continue to improve the project to better support current and future needs.

Inexperience with Open Source

Casbin's core developers are all experienced open-source contributors, and its primary maintainer, Yang Luo, has 12 years of open-source experience, having worked on projects including Nmap, Npcap, Casdoor, and others.

Length of Incubation

Expect to enter incubation in two months and graduate in about two years.

Homogenous Developers

Casbin developers come from a variety of backgrounds and contribute to the project for different use cases.

Reliance on Salaried Developers

Most core contributors to Casbin are not salaried for their work on the project; they contribute in their spare time out of personal interest and commitment to open source. Some new contributors may receive modest financial support through community beginner programs, but this is limited and optional. Going forward, we plan to attract more contributors from diverse organizations and backgrounds to further distribute responsibility and reduce any potential dependency on a small group of individuals.

Relationships with Other Apache Products

Casbin can be integrated with Apache projects to provide unified authorization:

- Pulsar: Apache Pulsar uses Casbin to implement RBAC authorization on tenants, namespaces, and topics.
- APISIX: Apache APISIX provides the `authz-casbin` plugin to enforce ACL/RBAC/ABAC policies on API requests.

An Excessive Fascination with the Apache Brand

We believe that the Apache Way and its neutrality, which goes beyond branding alone, will help the development of Casbin. As a fundamental software function, authorization is better served by a community-driven foundational library. In the long run, a neutral organization is more beneficial to the community than a single company.

Documentation

The Casbin documentation is available at https://casbin.org/. Casbin’s documentation is self-contained; all its current and historical versions are available at https://github.com/casbin/casbin-website-v2.

Initial Source

The project currently holds several GitHub organizations as follows. All the repos under the following GitHub organizations will be migrated to Apache.

- https://github.com/casbin
- https://github.com/jcasbin
- https://github.com/node-casbin
- https://github.com/officialpycasbin
- https://github.com/casbin-net
- https://github.com/casbin-rs
- https://github.com/casbin-cpp
- https://github.com/casbin-js
- https://github.com/SwiftCasbin
- https://github.com/casbin-lua
- https://github.com/dart-casbin

Source and Intellectual Property Submission Plan

External Dependencies

1. Golang (https://github.com/casbin/casbin)

   MIT
   - doublestar:v4.6.1
   - govaluate:v1.3.0

   BSD-3-Clause
   - uuid:v1.6.0

2. Java (https://github.com/casbin/jcasbin)

   Apache-2.0
   - com.fasterxml.jackson.core:jackson-databind:2.18.1
   - com.github.seancfoley:ipaddress:5.5.1
   - com.google.code.gson:gson:2.11.0
   - commons-io:commons-io:2.17.0
   - io.github.aviatorscript:aviator:5.9.0
   - org.apache.commons:commons-csv:1.12.0
   - org.apache.maven.plugins:maven-gpg-plugin:3.2.7
   - org.apache.maven.plugins:maven-surefire-plugin:3.2.5
   - org.codehaus.mojo:cobertura-maven-plugin:2.7
   - org.sonatype.central:central-publishing-maven-plugin:0.6.0
   - org.testng:testng:7.4.0
   - org.apache.maven.plugins:maven-compiler-plugin
   - org.apache.maven.plugins:maven-source-plugin
   - org.apache.maven.plugins:maven-javadoc-plugin:3.11.1

   MIT
   - org.eluder.coveralls:coveralls-maven-plugin:4.3.0
   - org.mockito:mockito-inline:4.11.0
   - org.slf4j:slf4j-api:2.0.16
   - org.slf4j:slf4j-simple:2.0.16

3. Node.js (https://github.com/casbin/node-casbin)

   Apache-2.0
   - @casbin/expression-eval:5.3.0

   MIT
   - @semantic-release/changelog:5.0.1
   - @semantic-release/commit-analyzer:8.0.1
   - @semantic-release/git:9.0.0
   - @semantic-release/github:7.2.3
   - @semantic-release/npm:7.1.3
   - @semantic-release/release-notes-generator:9.0.3
   - @types/jest:26.0.23
   - @types/node:10.17.59
   - @types/picomatch:2.2.2
   - @typescript-eslint/eslint-plugin:4.22.0
   - await-lock:2.1.0
   - buffer:6.0.3
   - csv-parse:5.5.6
   - cz-conventional-changelog:3.3.0
   - eslint:7.25.0
   - eslint-config-prettier:6.15.0
   - eslint-plugin-prettier:3.4.0

   BSD-2-Clause
   - @typescript-eslint/parser:4.22.0
   - coveralls:3.1.0

4. Python (https://github.com/casbin/pycasbin)

   BSD-2-Clause
   - pytest-benchmark:5.1.0

   MIT
   - black:25.1.0
   - pytest:8.4.1
   - simpleeval:1.0.3
   - wcmatch:10.1

5. .NET (https://github.com/casbin/Casbin.NET)

   MIT
   - DynamicExpresso.Core:2.16.1
   - Microsoft.Extensions.Configuration.Ini:9.0.0-preview.4.24266.19
   - Microsoft.Extensions.Logging:9.0.0-preview.4.24266.19

   Apache-2.0
   - CsvHelper:32.0.3

6. Rust (https://github.com/casbin/casbin-rs)

   MIT | Apache-2.0
   - async-std
   - async-trait
   - criterion
   - fixedbitset
   - getrandom
   - globset
   - hashlink
   - ip_network
   - mini-moka
   - once_cell
   - parking_lot
   - petgraph
   - regex
   - rhai
   - serde
   - serde_json
   - slog
   - slog-async
   - slog-term
   - thiserror
   - tokio
   - tokio-stream
   - wasm-bindgen-test

7. C++ (https://github.com/casbin/casbin-cpp)

   No dependency

8. Javascript (https://github.com/casbin/casbin.js)

   Apache-2.0
   - casbin-core:0.0.0-beta.2
   - typescript:5.9.3

   MIT
   - @babel/core:7.28.4
   - @babel/plugin-proposal-optional-chaining:7.21.0
   - @babel/preset-env:7.28.3
   - @types/express:4.17.0
   - @types/jest:29.5.14
   - @types/js-cookie:2.2.7
   - @typescript-eslint/eslint-plugin:4.33.0
   - axios:0.21.4
   - babel-loader:10.0.0
   - clean-webpack-plugin:3.0.0
   - eslint:7.32.0
   - eslint-config-prettier:6.15.0
   - express:4.17.0
   - html-webpack-plugin:4.5.2
   - jest:29.7.0
   - jest-environment-jsdom:29.7.0
   - js-cookie:2.2.1
   - npm-run-all:4.1.5
   - prettier:2.8.8
   - ts-jest:29.4.5
   - ts-loader:9.5.4
   - tslint-config-prettier:1.18.0
   - webpack:5.102.1
   - webpack-cli:4.10.0
   - webpack-dev-server:3.11.3
   - webpack-merge:5.10.0

   BSD-2-Clause
   - @typescript-eslint/parser:3.10.1

   ISC
   - rimraf:3.0.2

9. Swift (https://github.com/casbin/SwiftCasbin)

   Apache-2.0
   - swift-log:1.0.0
   - swift-nio:2.0.0
   - swift-nio-transport-services:1.5.1

   MIT
   - Expression:0.13.0
   - Regex:2.1.0

10. Lua (https://github.com/casbin/lua-casbin)

   MIT
   - lua >= 5.1
   - lualogging >= 1.5.1
   - lrexlib-pcre2 >= 2.9.2
   - luaposix = 35.1-1

11. Dart (https://github.com/casbin/dart-casbin)

   MIT
   - expressions: >= 0.2.2, < 0.3.0

   BSD-3-Clause
   - collection: >= 1.15.0, < 2.0.0
   - quiver: >= 3.0.1, < 4.0.0
   - lints: >= 5.1.0, < 6.0.0
   - test: >= 1.16.7, < 2.0.0

12. Elixir (https://github.com/casbin/casbin-ex)

   Apache-2.0
   - ecto_sql:3.10
   - credo:1.7
   - ex_doc

   MIT
   - git_hooks:0.7.3

Cryptography

N/A

Required Resources

Mailing Lists

- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]

Subversion Directory

N/A

Git Repositories

From https://github.com/casbin/casbin
  https://gitbox.apache.org/asf/repos/casbin
  https://github.com/apache/casbin

From https://github.com/casbin/jcasbin
  https://gitbox.apache.org/asf/repos/casbin-jcasbin
  https://github.com/apache/jcasbin

From https://github.com/casbin/node-casbin
  https://gitbox.apache.org/asf/repos/casbin-node-casbin
  https://github.com/apache/node-casbin

From https://github.com/casbin/pycasbin
  https://gitbox.apache.org/asf/repos/casbin-pycasbin
  https://github.com/apache/pycasbin

From https://github.com/casbin/Casbin.NET
  https://gitbox.apache.org/asf/repos/casbin-Casbin.NET
  https://github.com/apache/Casbin.NET

From https://github.com/casbin/casbin-rs
  https://gitbox.apache.org/asf/repos/casbin-rs
  https://github.com/apache/casbin-rs

From https://github.com/casbin/casbin-cpp
  https://gitbox.apache.org/asf/repos/casbin-cpp
  https://github.com/apache/casbin-cpp

From https://github.com/casbin/casbin.js
  https://gitbox.apache.org/asf/repos/casbin.js
  https://github.com/apache/casbin.js

From https://github.com/casbin/SwiftCasbin
  https://gitbox.apache.org/asf/repos/casbin-SwiftCasbin
  https://github.com/apache/SwiftCasbin

From https://github.com/casbin/lua-casbin
  https://gitbox.apache.org/asf/repos/casbin-lua-casbin
  https://github.com/apache/lua-casbin

From https://github.com/casbin/dart-casbin
  https://gitbox.apache.org/asf/repos/casbin-dart-casbin
  https://github.com/apache/dart-casbin

From https://github.com/casbin/casbin-ex
  https://gitbox.apache.org/asf/repos/casbin-ex
  https://github.com/apache/casbin-ex

From https://github.com/casbin/casbin-website-v2
  https://gitbox.apache.org/asf/repos/casbin-website-v2
  https://github.com/apache/casbin-website-v2

From https://github.com/casbin/casbin.io
  https://gitbox.apache.org/asf/repos/casbin.io
  https://github.com/apache/casbin.io

From https://github.com/casbin/casbin-editor
  https://gitbox.apache.org/asf/repos/casbin-editor
  https://github.com/apache/casbin-editor

From https://github.com/casbin/casbin-server
  https://gitbox.apache.org/asf/repos/casbin-server
  https://github.com/apache/casbin-server

For all other non-core repos (like plugins, examples, etc.) in different organizations:

From https://github.com/casbin/*
  https://gitbox.apache.org/asf/repos/casbin-*
  https://github.com/apache/casbin-*

From https://github.com/jcasbin/*
  https://gitbox.apache.org/asf/repos/casbin-jcasbin-*
  https://github.com/apache/jcasbin-*

From https://github.com/node-casbin/*
  https://gitbox.apache.org/asf/repos/casbin-node-casbin-*
  https://github.com/apache/node-casbin-*

From https://github.com/officialpycasbin/*
  https://gitbox.apache.org/asf/repos/casbin-pycasbin-*
  https://github.com/apache/pycasbin-*

From https://github.com/casbin-net/*
  https://gitbox.apache.org/asf/repos/casbin-net-*
  https://github.com/apache/casbin-net-*

From https://github.com/casbin-rs/*
  https://gitbox.apache.org/asf/repos/casbin-rs-*
  https://github.com/apache/casbin-rs-*

From https://github.com/casbin-cpp/*
  https://gitbox.apache.org/asf/repos/casbin-cpp-*
  https://github.com/apache/casbin-cpp-*

From https://github.com/casbin-js/*
  https://gitbox.apache.org/asf/repos/casbin-js-*
  https://github.com/apache/casbin-js-*

From https://github.com/SwiftCasbin/*
  https://gitbox.apache.org/asf/repos/casbin-SwiftCasbin-*
  https://github.com/apache/SwiftCasbin-*

From https://github.com/casbin-lua/*
  https://gitbox.apache.org/asf/repos/casbin-lua-*
  https://github.com/apache/casbin-lua-*

From https://github.com/dart-casbin/*
  https://gitbox.apache.org/asf/repos/casbin-dart-casbin-*
  https://github.com/apache/dart-casbin-*

Issue Tracking

The community would like to continue using GitHub Issues.

Other Resources

The community has already chosen GitHub Actions as its continuous integration tool.

Initial Committers

- Yang Luo [[email protected], Peking University]
- Zixuan Liu [[email protected], AscentStream]
- Zihui Liu [[email protected], Tencent]
- Xianhe Tang [[email protected], Xiaomi]
- Hongyang Shi [[email protected], Baidu]
- Hanyang Xia [[email protected], SenseTime]
- Xiangwen Meng [[email protected], BaiTaste]

Sponsors

Champion

- tison [[email protected]]

Nominated Mentors

- tison [[email protected]]
- Huajie Wang [[email protected]]
- Hulk Lin [[email protected]]
- Jerry Shao [[email protected]]
- Hao Ding [[email protected]]

Sponsor Entity

We expect the Apache Incubator to sponsor this project.

Best,
tison.
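
The model-plus-policy idea from item 1 of the proposal ("mix RBAC roles with ABAC attributes in the same policy"), as an added example that is not part of the original e-mail and is not Casbin's code or API: a toy evaluator for a model written in Casbin's .conf layout, with deny-override as the effect. The subjects, tenant attribute, resource path and the helper names `load`, `has_role` and `enforce` are all assumptions made for illustration.

```python
import configparser, csv, io
from types import SimpleNamespace as NS
# Constructed model (RBAC roles via g, plus an ABAC tenant check) and constructed policy.
MODEL = """
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act, eft
[role_definition]
g = _, _
[policy_effect]
e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
[matchers]
m = g(r.sub.name, p.sub) && r.obj.path == p.obj && r.act == p.act && r.sub.tenant == r.obj.tenant
"""
POLICY = """\
p, editor, /docs/q3, read, allow
p, editor, /docs/q3, write, allow
p, bob, /docs/q3, write, deny
g, alice, editor
g, bob, editor
"""

def load(model_text, policy_text):
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(model_text)
    split = lambda s: [f.strip() for f in s.split(",")]
    rules, roles = [], {}
    for row in csv.reader(io.StringIO(policy_text), skipinitialspace=True):
        if row and row[0] == "p":
            rules.append(NS(**dict(zip(split(cfg["policy_definition"]["p"]), row[1:]))))
        elif row and row[0] == "g":
            roles.setdefault(row[1], set()).add(row[2])
    # The matcher is an expression that gets evaluated: treat model files as trusted code.
    expr = cfg["matchers"]["m"].replace("&&", " and ").replace("||", " or ")
    return NS(rfields=split(cfg["request_definition"]["r"]), effect=cfg["policy_effect"]["e"],
              matcher=compile(expr, "<matcher>", "eval"), rules=rules, roles=roles)

def has_role(roles, name, role, seen=()):
    # g(x, x) is true; otherwise follow role links transitively, guarding against cycles.
    return name == role or any(n not in seen and has_role(roles, n, role, seen + (name,))
                               for n in roles.get(name, ()))

def enforce(e, *request):
    env = {"__builtins__": {}, "r": NS(**dict(zip(e.rfields, request))),
           "g": lambda a, b: has_role(e.roles, a, b)}
    hits = [p.eft for p in e.rules if eval(e.matcher, env, {"p": p})]
    # Fail closed: no matching allow means deny, and with this effect any matching deny wins.
    return "allow" in hits and not ("deny" in e.effect and "deny" in hits)
```

With this policy, `bob` keeps read access through the `editor` role but loses write to the explicit deny row, and a subject whose `tenant` differs from the resource's gets nothing from the role grant. Both behaviours come from the model and policy text, not from the evaluator code.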
