The LaMarvin CAZE framework has a fairly simple implementation of role-based policies and rules. It allows us to define various roles, permissions, and actions. It then allows us to attempt to "execute" these actions to ensure that the current user of whatever system has the correct role that allows for this action. I like the simple implementation, easy configuration and flexibility of configuring via code, XML, etc. There are several implementation abstractions that are quite nice, including the ability to tie directly into a Windows Domain, COM+ Security, and provide your own custom security implementation via interfaces. It also supports native .NET security using the IPrincipal and IIdentity interfaces.
The designer that comes with the beta is quite nice, for what it does. It is easy to use, supports undo of changes, and has a clean layout that is easy to understand. The output of the designer will always be an XML file with a ".caze" extension. The code used to generate the XML output is built into the object model, which allows any developer to output the appropriate XML configuration file. While this does create an easy-to-edit configuration, there is currently no way to export the output to anything else. I'd like to see some sort of output interface that can be implemented so that we can auto-populate a database schema or another type of repository directly from the object model or designer.
The documentation on the LaMarvin website and the .chm file included with the download are quite useful. They provide a very easy-to-read introduction to using the system, setting up your rules and actions, and applying them to your code. They cover some advanced scenarios as well, including the issues of non-deterministic role resolution (multiple roles/actions that can be applied to the same user).
Downloading the software, installation, and getting a sample project up and running was very easy as well. There are several sample applications that come with the installer, in both C# and VB. Implementing the system in my own code was as easy as including a reference to the CAZE assemblies and dropping a few lines of code to load the config file and execute an action.
Unfortunately, the CAZE system appears to work with a global list of states, properties, actions, etc., within the configuration. To use this at an enterprise level, we would either have to use a naming convention that supports different objects, or we would have to use multiple config files for CAZE: one for each object or each group of objects, or something along those lines. This would increase the complexity of implementation somewhat. If there were a way to group states, actions, properties and rules together by a simple name or even by an object Type, the usefulness of the system would increase greatly.
Overall
This is a good policy framework for small to medium-sized applications that need to integrate action- and state-based policies into Windows Domain roles, COM+ roles, or even custom security systems. I would recommend its use for small to medium-sized projects that do not need to secure every object, screen, or UI element.
Score
3.5 out of 5
More Info
Website: http://www.lamarvin.com/
Cost: $399/developer, discounts for volume purchases
Current Version: v2.0, June 2006 'designer' Beta