Hello, I'm thinking of a way to handle a RBAC with...
# talk-keto
Hello, I'm thinking of a way to handle a RBAC with Keto. I thought of reprensenting roles as a namespace using something like that :
Copy code
However I read a bit about hotspot handling in the zanzibar paper and it seems this representation would cause a hotspot I think ? I guess the alternative to that would be to use inheritance of relations with subjectset rewrites once they're added, but in that case how would you handle listing the roles available for binding ? Do you have any best practice advice on this maybe ?
Did you already read https://github.com/ory/keto/issues/598 and the blog post linked there?
Yes, it seems to use a role namespace, but there doesn't seem to be anything about hotspots. I guess it's a bit early in the life of Keto to worry about hotspots
Also in the Zanzibar paper there is a little word about implementing an RBAC, saying that roles are similar to relations, but there is no details given
hm yeah hotspots are nothing we ran into yet
I would just go with it like that and figure out how to optimize it later
OK, thanks for your assistance 🙂
I understand that they mostly combat hotspots with the distributed cache
so not unsolvable
and you can still have them in your data