Skip to content

UMACS

UMACS

UMACS (User Management and Access Control System) is the central identity and authorization service for the CSED platform. It manages users, groups, workspaces, and permissions so that other services (like Psephos, Test Forge, and UniPoll) don’t need to re-implement auth.

Where This Project Fits

flowchart LR
  OIDC[OIDC Provider] --> UMACS[UMACS<br/>Auth & Access]
  UMACS --> Psephos[Psephos<br/>Survey Engine]
  UMACS --> TestForge[Test Forge]
  UMACS --> UniPoll[UniPoll]
  UMACS --> RefAIn[RefAIn]
  UMACS --> T4[T4]
  • Handles login and token validation (via OIDC providers)
  • Evaluates authorization policies for API calls
  • Acts as a shared dependency for most backend and frontend services

What You Could Work On

  • Design and implement policy models (RBAC/ABAC) for CSED services
  • Build developer-friendly APIs for checking permissions and managing users/groups
  • Improve observability: decision logging, audit trails, and dashboards
  • Experiment with hybrid architectures that combine UMACS with external IdPs
  • Harden security and performance for a multi-service ecosystem

Core Concepts & Tech

  • Backend: FastAPI, MongoDB, Casbin (policy engine)
  • Concepts: accounts, workspaces, groups, resources, policies
  • Protocols: OIDC/JWT for authentication, REST for policy enforcement

For deep-dive architecture and security discussions, see the GitHub repo and linked discussions.