Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Proposal 005] Node Authorization #8

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[Proposal 005] Node Authorization #8

wants to merge 3 commits into from

Conversation

taniwha3
Copy link
Contributor

@taniwha3
[Proposal 005] Node Authorization
a6f15d9 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
taniwha3
taniwha3 commented Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md Outdated
@@ -0,0 +1,71 @@
# Design / Feature

*TODO for the document:*
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should include a section about observability here.

@taniwha3
[Proposal 005] Setting default policy engine to custom rust impl
a78d437 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
@taniwha3
[Proposal 005] Clarifying the proposal, and giving context in notes
b950ee8 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
krisnova
krisnova reviewed Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md

Authorization decisions default to deny.

Not installing a policy engine causes all requests to be denied.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We must must have "reasonable defaults" and opinions. Its a key part of the project.

Is this our reasonable default? Or should we give the user a default policy engine?

krisnova
krisnova reviewed Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md
- changes to the policy do not require a recompilation of auraed.
- policy can be centralized for multiple auraed.

### Goals
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need to bake both authn and authz into our standard library, or at the very least call it out of scope.

  • Do we have an authn subsystem? Or is this "transparent" based on the aurae.toml?
  • Do we have an authz subsystem? Or is this "transparent" based on the aurae.toml?

More on subsystems: https://github.com/aurae-runtime/api/tree/main/spec#aurae-api-specification

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@krisnova krisnova krisnova left review comments

Assignees
No one assigned
Labels
Access Granted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@taniwha3 @krisnova