Open source declarative policy library
Proposal
We use a library for our authorization called DeclarativePolicy. This is a solid, stable library that
allows for robust secure code. It is genuinely excellent.
I propose that we release this as a separate gem, under a FOSS license.
The rationale for this is:
- we have other projects (including Rails apps) that would benefit from this
- this library is exceptionally stable
- the library is not strongly coupled to other code (extraction would be straightforward)
- it is a foundational tool, solving a common problem likely to be of benefit to others
- we are the only users of this library, and it would benefit community contributors to be more familiar with our tooling.
- releasing it (and hopefully getting some broader support) would make it easier to incorporate into 3rd party tools that we use (for example the same way GraphQL Ruby provides integration for pundit and cancan).
There are other tools in this space (such as Pundit, which is very similar in terminology and practices). The declarative policy library would naturally fit in this category of authorization libraries.