<div dir="ltr"><div>There's yesod-auth:<br><br><a href="http://www.yesodweb.com/book/authentication-and-authorization">http://www.yesodweb.com/book/authentication-and-authorization</a><br><a href="https://hackage.haskell.org/package/yesod-auth">https://hackage.haskell.org/package/yesod-auth</a><br><br></div>Cheers,<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, May 23, 2015 at 3:49 PM, Thomas Koch <span dir="ltr"><<a href="mailto:thomas@koch.ro" target="_blank">thomas@koch.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">// moving the question with more info from haskell-cafe to web-devel<br>
<br>
Hallo,<br>
<br>
I already wrote a message with the same subject to haskell-cafe without reply.<br>
<span class=""><br>
I did not found anything comparable to Spring Security[1][2] (Java) or Symfony<br>
Security[3] (PHP) in Haskell. Both components are used in web applications to<br>
grant or deny access to resources based on roles, ACLs or custom voters.<br>
<br>
</span><span class="">[1] <a href="http://projects.spring.io/spring-security" target="_blank">http://projects.spring.io/spring-security</a><br>
[2] <a href="http://docs.spring.io/autorepo/docs/spring-security/3.1.7.RELEASE/apidocs" target="_blank">http://docs.spring.io/autorepo/docs/spring-security/3.1.7.RELEASE/apidocs</a><br>
[3]<br>
<a href="http://api.symfony.com/master/Symfony/Component/Security/Core/SecurityContext.html" target="_blank">http://api.symfony.com/master/Symfony/Component/Security/Core/SecurityContext.html</a><br>
<br>
</span><span class="">A naive strategy would be to port the concepts of both components, which are<br>
very similar, to Haskell. They represent a lot of accumulated knowledge from<br>
many experts about web security.<br>
<br>
Or are there better ways to do web security in a powerful language like<br>
Haskell?<br>
<br>
</span>There was some unfinished role-based-access-control effort in snap[4] that has<br>
been removed from git now.<br>
<br>
[4] <a href="https://groups.google.com/forum/#!topic/snap_framework/yUgSEVpP2GE" target="_blank">https://groups.google.com/forum/#!topic/snap_framework/yUgSEVpP2GE</a><br>
<br>
There seem to be a more modern (and more complex) thing than Role-Based-<br>
Access-Control now, XACML[5] which is used inside Red Hats JBoss[6].<br>
<br>
[5] <a href="http://en.wikipedia.org/wiki/XACML" target="_blank">http://en.wikipedia.org/wiki/XACML</a><br>
[6] <a href="http://picketlink.org/about" target="_blank">http://picketlink.org/about</a><br>
<br>
Regards, Thomas Koch<br>
<div class=""><div class="h5"><br>
<br>
_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org">Haskell-Cafe@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature">José A. Romero L.<br><a href="mailto:escherdragon@gmail.com" target="_blank">escherdragon@gmail.com</a><br>"We who cut mere stones must always be envisioning cathedrals."<br>(Quarry worker's creed)</div>
</div></div></div>