<subject, action, object>, we introduce the notion of tags. We can associate each subject or object with one or more tags. These four concepts give us an enormous amount of flexibility with our authorization model. In the example above, a user or organization can create fine-grained access policies simply by assigning the right tags to users and resources.
Today, Ubicloud’s tags are user-assigned. We don’t have any computed tags over dynamic attributes, such as geolocation. We did this to start simple and grow our authorization model with actual customer needs.
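A minimal sketch of the model described above, added here as an illustration and not taken from Ubicloud's code base or the original post: policies are <subject, action, object> tuples whose subject and object may be a tag, tags are assigned explicitly, and anything unmatched is denied. The class name, the `user:`/`vm:`/`tag:` prefixes, the action names and the sample data are all assumptions.

```ruby
require "set"

# Added illustration, not Ubicloud's code. All names and sample data are constructed.
class TagAuthorizer
  Policy = Struct.new(:subject, :action, :object)

  def initialize
    @tags = Hash.new { |h, k| h[k] = Set.new } # entity id => user-assigned tags
    @policies = []
  end

  # Tags are assigned explicitly by a user; nothing is computed from attributes.
  def tag(entity, *tags)
    @tags[entity].merge(tags)
  end

  def untag(entity, tag)
    @tags[entity].delete(tag)
  end

  # A policy is a <subject, action, object> tuple. Subject and object may each
  # be an entity id or a tag; the prefixes keep the two namespaces apart.
  def allow(subject, action, object)
    @policies << Policy.new(subject, action, object)
  end

  # Default deny: allowed only if some policy matches the user (directly or via
  # one of its tags), the exact action, and the resource (directly or via a tag).
  def allowed?(user, action, resource)
    subjects = @tags[user] | [user]
    objects = @tags[resource] | [resource]
    @policies.any? do |pol|
      pol.action == action && subjects.include?(pol.subject) && objects.include?(pol.object)
    end
  end
end

def demo_authorizer
  authz = TagAuthorizer.new
  authz.tag("user:alice", "tag:developers")
  authz.tag("vm:web-1", "tag:staging")
  authz.tag("vm:db-1", "tag:production")
  authz.allow("tag:developers", "vm:view", "tag:staging")
  authz.allow("user:bob", "vm:delete", "vm:db-1")
  authz
end
```

Because access follows the tags, moving `vm:web-1` from `tag:staging` to `tag:production` removes alice's access without touching any policy, which is why tag assignment itself needs to be a controlled action.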
<subject, action, object>. Remember the subject here is the user and the object is the resource