Closed brainfunked closed 7 years ago
@brainfunked I think this is not user authentication. As I understand it, the API server will run in 2 different modes, admin or read/write, which will depend on a configuration option. Am I right?
Why is there no plan to provide user authentication using sessions? Example in ManageIQ: http://manageiq.org/docs/reference/latest/api/overview/auth
I think the lack of user authentication is a security risk.
Isn't this part of the specification talking about roles and the access that will be available to these roles? @brainfunked
@sankarshanmukhopadhyay What specification do you mean, please? Is there any pull request already there? If yes, could you please link it here?
This specification focuses on enabling the concept of a user in Tendrl. For now, it'll be a basic password based authentication mechanism for local users, with the levels of privileges mentioned above. Additional authentication schemes such as LDAP can then be added on top of this basic framework.
Alright. So, I made a mangled attempt to explain it previously. The intent is to have access and authentication (along with the associated privilege levels) first and thereafter extend it to integrate with identity management systems.
The pull requests against this spec are to be in a branch named spec-128-api-auth-and-rabc across all affected repositories. The branch has already been created on this repository: https://github.com/Tendrl/specifications/tree/spec-128-api-auth-and-rabc.
@brainfunked is this done?
The API needs to support users and authentication. Three levels of access are required: read-only, read-write and admin. The read-only and read-write privileges will automatically be available for API endpoints based on the HTTP verb being used. In a special case, some flows (and hence their endpoints) could be marked as admin. Access to such endpoints must be granted only to users with admin privileges.
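As an added illustration of the access model described in the issue (this is not code from the Tendrl project): the required privilege is derived from the HTTP verb, admin-flagged flows override that, and the decision denies by default. The user table, the endpoint paths and the set of admin-flagged flows are constructed sample values.

```python
from enum import IntEnum


class Privilege(IntEnum):
    """Ordered privilege levels: a higher level implies the lower ones."""
    READ_ONLY = 1
    READ_WRITE = 2
    ADMIN = 3


# Verbs that do not change state map to read-only; everything else,
# including unknown verbs, is treated as a write (conservative default).
SAFE_VERBS = {"GET", "HEAD", "OPTIONS"}

# Constructed sample data: authenticated users and their privilege level.
USERS = {
    "alice": Privilege.ADMIN,
    "bob": Privilege.READ_WRITE,
    "carol": Privilege.READ_ONLY,
}

# Constructed sample of flows marked as admin; matched on whole path
# segments so that "/api/users" does not also cover "/api/users-report".
ADMIN_FLOWS = {"/api/users", "/api/clusters/import"}


def _under_flow(path: str, flow: str) -> bool:
    segs, flow_segs = path.strip("/").split("/"), flow.strip("/").split("/")
    return segs[: len(flow_segs)] == flow_segs


def required_privilege(method: str, path: str) -> Privilege:
    """Privilege an endpoint demands: admin flag first, then the verb."""
    if any(_under_flow(path, flow) for flow in ADMIN_FLOWS):
        return Privilege.ADMIN
    return Privilege.READ_ONLY if method.upper() in SAFE_VERBS else Privilege.READ_WRITE


def authorize(username: str, method: str, path: str) -> bool:
    """Allow only a known user whose level covers what the endpoint needs."""
    level = USERS.get(username)
    if level is None:
        return False  # unauthenticated or unknown user: deny
    return level >= required_privilege(method, path)


if __name__ == "__main__":
    for user, verb, url in [("carol", "GET", "/api/clusters"), ("carol", "POST", "/api/clusters"),
                            ("bob", "GET", "/api/users"), ("alice", "POST", "/api/users")]:
        print(user, verb, url, "->", "allow" if authorize(user, verb, url) else "deny")
```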