Authorization libraries can be useful but often fall short in key areas. They typically lack fine-grained access control, limiting their ability to handle complex permissions. Casbin does provide RBAC and ABAC but as far as I know they don't support ReBAC.
Libraries was designed to operate directly on an application’s existing data structures without imposing a standardized model for how that data should be organized.
Direct interaction with diverse data structures can lead to inefficiencies and performance bottlenecks. Without a standardized model, the library might not optimize data access and manipulation as effectively as it could with a uniform data structure.
Additionally, they struggle in microservices architectures, creating challenges in maintaining consistent security policies across services. In a microservices architecture, each service might require access to the authorization library, but replicating this library across services can lead to maintenance, synchronization, and consistency challenges.
Libraries was designed to operate directly on an application’s existing data structures without imposing a standardized model for how that data should be organized.
Direct interaction with diverse data structures can lead to inefficiencies and performance bottlenecks. Without a standardized model, the library might not optimize data access and manipulation as effectively as it could with a uniform data structure.
Additionally, they struggle in microservices architectures, creating challenges in maintaining consistent security policies across services. In a microservices architecture, each service might require access to the authorization library, but replicating this library across services can lead to maintenance, synchronization, and consistency challenges.