|
1 | | -0001 Purpose of This Repo |
2 | | -######################### |
| 1 | +0001: Purpose of This Repo |
| 2 | +########################## |
3 | 3 |
|
4 | 4 | Status |
5 | 5 | ****** |
6 | 6 |
|
7 | 7 | **Draft** |
8 | 8 |
|
9 | | -.. TODO: When ready, update the status from Draft to Provisional or Accepted. |
10 | | -
|
11 | | -.. Standard statuses |
12 | | - - **Draft** if the decision is newly proposed and in active discussion |
13 | | - - **Provisional** if the decision is still preliminary and in experimental phase |
14 | | - - **Accepted** *(date)* once it is agreed upon |
15 | | - - **Superseded** *(date)* with a reference to its replacement if a later ADR changes or reverses the decision |
16 | | -
|
17 | | - If an ADR has Draft status and the PR is under review, you can either use the intended final status (e.g. Provisional, Accepted, etc.), or you can clarify both the current and intended status using something like the following: "Draft (=> Provisional)". Either of these options is especially useful if the merged status is not intended to be Accepted. |
18 | | -
|
19 | 9 | Context |
20 | 10 | ******* |
21 | 11 |
|
22 | | -TODO: Add context of what led to the creation of this repo. |
| 12 | +The authorization (AuthZ) project is a community initiative to modernize how roles and permissions are defined, stored, and evaluated across the ecosystem. The existing system is fragmented, inflexible, and often results in over-permissioned users, repetitive administrative tasks, and difficulty adapting roles to organizational needs. |
| 13 | + |
| 14 | +This project aims to introduce a unified authorization model that supports custom roles, flexible scopes, and policy-based evaluation. By decoupling role/permission logic from application code, the goal is to achieve a more scalable, extensible, and user-friendly authorization framework. |
23 | 15 |
|
24 | | -.. This section describes the forces at play, including technological, political, social, and project local. These forces are probably in tension, and should be called out as such. The language in this section is value-neutral. It is simply describing facts. |
| 16 | +For more details, please refer to the `Roles & Permissions confluence space <https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4724490259>`_. |
25 | 17 |
|
26 | 18 | Decision |
27 | 19 | ******** |
28 | 20 |
|
29 | | -We will create a repository... |
| 21 | +We will create a repository to hold the architecture, design decisions, and reference implementation for the Open edX Authorization (AuthZ) project. |
30 | 22 |
|
31 | | -TODO: Clearly state how the context above led to the creation of this repo. |
| 23 | +This repository will serve as the central place for: |
32 | 24 |
|
33 | | -.. This section describes our response to these forces. It is stated in full sentences, with active voice. "We will …" |
| 25 | +- Architectural Decision Records (ADRs) that document the evolution of the authorization model. |
| 26 | +- Design documents for scopes, policies, and integration approaches. |
| 27 | +- Reference implementations, libraries, and supporting code. |
| 28 | +- Migration strategies for replacing legacy RBAC models with the new system. |
34 | 29 |
|
35 | 30 | Consequences |
36 | 31 | ************ |
37 | 32 |
|
38 | | -TODO: Add what other things will change as a result of creating this repo. |
39 | | - |
40 | | -.. This section describes the resulting context, after applying the decision. All consequences should be listed here, not just the "positive" ones. A particular decision may have positive, negative, and neutral consequences, but all of them affect the team and project in the future. |
| 33 | +- This repository will provide a single source of truth for all architectural and design decisions regarding the new authorization framework. |
| 34 | +- It will make it easier to share progress, collect feedback, and collaborate across the community. |
| 35 | +- It decouples AuthZ development from ``edx-platform``, ensuring that the project can evolve independently and be later a reusable Django library. |
| 36 | +- The repo creates a clear boundary for experimentation and iteration, while providing a migration path to replace legacy role/permission handling over time. |
41 | 37 |
|
42 | 38 | Rejected Alternatives |
43 | 39 | ********************* |
44 | 40 |
|
45 | | -TODO: If applicable, list viable alternatives to creating this new repo and give reasons for why they were rejected. If not applicable, remove section. |
46 | | - |
47 | | -.. This section lists alternate options considered, described briefly, with pros and cons. |
| 41 | +- **Using the edx-platform repository for AuthZ work.** |
| 42 | + Keeping the new authorization work inside ``edx-platform`` would limit flexibility, slow down iteration, and tightly couple experimental design with production code. |
| 43 | + A standalone repo enables a cleaner separation of concerns and aligns with the long-term goal of a reusable library. |
48 | 44 |
|
49 | 45 | References |
50 | 46 | ********** |
51 | 47 |
|
52 | | -TODO: If applicable, add any references. If not applicable, remove section. |
53 | | - |
54 | | -.. (Optional) List any additional references here that would be useful to the future reader. See `Documenting Architecture Decisions`_ and `OEP-19 on ADRs`_ for further input. |
55 | | -
|
56 | | -.. _Documenting Architecture Decisions: https://cognitect.com/blog/2011/11/15/documenting-architecture-decisions |
57 | | -.. _OEP-19 on ADRs: https://open-edx-proposals.readthedocs.io/en/latest/best-practices/oep-0019-bp-developer-documentation.html#adrs |
| 48 | +- Technical Approach: `AuthZ <https://openedx.atlassian.net/wiki/spaces/OEPM/pages/5176229910>`_ |
| 49 | +- PRD: `Roles & Permissions <https://openedx.atlassian.net/wiki/spaces/OEPM/pages/4724490259>`_ |
| 50 | +- OEP-66: `Authorization Best Practices <https://docs.openedx.org/projects/openedx-proposals/en/latest/best-practices/oep-0066-bp-authorization.html>`_ |
0 commit comments