Commonalities and expectations for cross-language use #151

Open
divarvel opened this issue Oct 24, 2023 · 0 comments

@divarvel
Collaborator

Right now the spec provides (rather) precise definitions for the token format, the evaluation model and datalog parsing.

What is not specified however is the general API of libraries. Most libraries have the same behaviour, but there can be subtle details that vary from implementation to implementation.

For instance:

  • biscuit-haskell checks revocation ids after parsing the external envelope, but before parsing the actual payload
  • biscuit-rust performs some checks when constructing a Biscuit, but a Biscuit value can still carry invalid code
  • biscuit-go does not allow querying an authorizer before running authorization (contrary to biscuit-rust and biscuit-haskell)

I think the spec should not mandate too much wrt APIs because each language has different ways to express things, but I think there should be some common guarantees provided by specific operations.
