[Haskell-cafe] no Web-Security component in Haskell?

Thomas Koch thomas at koch.ro
Sat May 23 13:49:07 UTC 2015


// moving the question with more info from haskell-cafe to web-devel

Hallo,

I already wrote a message with the same subject to haskell-cafe without reply.

I did not found anything comparable to Spring Security[1][2] (Java) or Symfony 
Security[3] (PHP) in Haskell. Both components are used in web applications to 
grant or deny access to resources based on roles, ACLs or custom voters.

[1] http://projects.spring.io/spring-security
[2] http://docs.spring.io/autorepo/docs/spring-security/3.1.7.RELEASE/apidocs
[3] 
http://api.symfony.com/master/Symfony/Component/Security/Core/SecurityContext.html

A naive strategy would be to port the concepts of both components, which are 
very similar, to Haskell. They represent a lot of accumulated knowledge from 
many experts about web security.

Or are there better ways to do web security in a powerful language like 
Haskell?

There was some unfinished role-based-access-control effort in snap[4] that has 
been removed from git now.

[4] https://groups.google.com/forum/#!topic/snap_framework/yUgSEVpP2GE

There seem to be a more modern (and more complex) thing than Role-Based-
Access-Control now, XACML[5] which is used inside Red Hats JBoss[6].

[5] http://en.wikipedia.org/wiki/XACML
[6] http://picketlink.org/about

Regards, Thomas Koch




More information about the Haskell-Cafe mailing list