CanDB - CanDB is a flexible, performant, and horizontally scalable non-relational multi-canister data storage framework built for the Internet Computer.
[Feature] Add a Role-Based Access Control (Authorization) microservice #14
Motivation
Developers may wish to use an RBAC Authorization scheme into their service actors and partitions, allowing them to more easily permit different levels of access to partitions or entities stored within CanDB. Having an RBAC service (that uses CanDB) allows an application to more easily associate principals with more complex and specific permissions, and allows for these permissions to be universally trusted and accepted across a multi-canister application.
Requirements
[ ] RBAC actor that allows applications to store principal to role relations
[ ] Generates JWT or other AuthZ token to wrap the user’s roles with a TTL & mechanism to combat replay attacks
[ ] Mechanism for one-time dispersal of public key to existing service actors in order to efficiently authorize the caller without requiring an inter-canister call every time.
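A sketch of the token flow these requirements describe, added here as an illustration and not taken from CanDB or this issue: it is written in Node.js rather than Motoko, uses a compact signed token rather than a full JWT, and every name in it (`issueToken`, `makeVerifier`, the claim fields) is hypothetical. The issue does not specify the replay mechanism; this example assumes the token is bound to the caller's principal and to one target service, on top of the TTL.

```javascript
const crypto = require("crypto");

// Constructed demo key pair: the RBAC actor keeps the private key and hands
// the PEM-encoded public key to each service actor once (assumed transport).
const rbacKeys = crypto.generateKeyPairSync("ed25519");
const rbacPublicPem = rbacKeys.publicKey.export({ type: "spki", format: "pem" });

// RBAC side: sign the caller's roles with an expiry and an intended audience.
function issueToken(principal, roles, audience, ttlMs, now = Date.now()) {
  const claims = { sub: principal, roles, aud: audience, exp: now + ttlMs };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  const sig = crypto.sign(null, Buffer.from(body), rbacKeys.privateKey);
  return `${body}.${sig.toString("base64url")}`;
}

// Service side: check a token locally, with no call back to the RBAC actor.
function makeVerifier(publicPem, selfId) {
  const key = crypto.createPublicKey(publicPem);
  return function authorize(token, caller, requiredRole, now = Date.now()) {
    const parts = String(token).split(".");
    if (parts.length !== 2) return { ok: false, reason: "malformed" };
    const [body, sig] = parts;
    let valid = false;
    try {
      valid = crypto.verify(null, Buffer.from(body), key, Buffer.from(sig, "base64url"));
    } catch (_) { /* malformed signature bytes count as invalid */ }
    if (!valid) return { ok: false, reason: "bad-signature" };
    // Parse only after the signature check, so unsigned input is never trusted.
    const claims = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
    if (now >= claims.exp) return { ok: false, reason: "expired" };
    if (claims.aud !== selfId) return { ok: false, reason: "wrong-audience" };
    // `caller` must be the identity the platform authenticated, not a value
    // taken from the request, or a captured token could be replayed by anyone.
    if (claims.sub !== caller) return { ok: false, reason: "wrong-caller" };
    if (!claims.roles.includes(requiredRole)) return { ok: false, reason: "missing-role" };
    return { ok: true, roles: claims.roles };
  };
}
```

A token stays reusable by its own principal until it expires, so the TTL bounds how long a revoked role remains honoured by service actors.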