Skip to content

[Proposal 005] Node Authorization #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
taniwha3 wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[Proposal 005] Node Authorization #8

taniwha3 wants to merge 3 commits into from

Conversation

@taniwha3
Copy link
Contributor

@taniwha3 taniwha3 commented Sep 11, 2022

@taniwha3
[Proposal 005] Node Authorization
a6f15d9 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
taniwha3
taniwha3 commented Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md Outdated
@@ -0,0 +1,71 @@
# Design / Feature

*TODO for the document:*
Copy link
Contributor Author

@taniwha3 taniwha3 Sep 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should include a section about observability here.

@taniwha3
[Proposal 005] Setting default policy engine to custom rust impl
a78d437 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
@taniwha3
[Proposal 005] Clarifying the proposal, and giving context in notes
b950ee8 
Signed-off-by: Tani <111664369+taniwha3@users.noreply.github.com>
krisnova
krisnova reviewed Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md

Authorization decisions default to deny.

Not installing a policy engine causes all requests to be denied.
Copy link
Contributor

@krisnova krisnova Sep 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We must must have "reasonable defaults" and opinions. Its a key part of the project.

Is this our reasonable default? Or should we give the user a default policy engine?

krisnova
krisnova reviewed Sep 11, 2022
View reviewed changes
accepted/005-node-authentication.md
- changes to the policy do not require a recompilation of auraed.
- policy can be centralized for multiple auraed.

### Goals
Copy link
Contributor

@krisnova krisnova Sep 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will need to bake both authn and authz into our standard library, or at the very least call it out of scope.

  • Do we have an authn subsystem? Or is this "transparent" based on the aurae.toml?
  • Do we have an authz subsystem? Or is this "transparent" based on the aurae.toml?

More on subsystems: https://github.com/aurae-runtime/api/tree/main/spec#aurae-api-specification

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@krisnova krisnova krisnova left review comments

Assignees

No one assigned

Labels

Access Granted

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@taniwha3 @krisnova