search

allegroai / clearml-server

ClearML - Auto-Magical CI/CD to streamline your AI workload. Experiment Management, Data Management, Pipeline, Orchestration, Scheduling & Serving in one MLOps/LLMOps solution
https://clear.ml/docs
Other
364 stars 132 forks source link

[Feature request] Support zero-trust architectures #213

Open ianonavy opened 11 months ago

ianonavy commented 11 months ago

While the current ClearML Server security model provides static credentials for the Web UI, many organizations—including ours—are moving towards a zero trust model, placing emphasis on robust authentication and authorization measures for all applications. We'd like for our single user identity pool to be used across all integrated applications, including ClearML Server.

Ideally, we'd like to:

  1. Configure ClearML Server to utilize a remote OIDC provider for identities
  2. Map permissions to users via roles/groups and let a proxy such as oauth2-proxy handle token exchange
  3. Allow ClearML Server to trust the claims from a request header (e.g. X-Auth-Request-Access-Token)

Is such a configuration possible, or are there plans to support it in the future? Appreciate your thoughts and consideration!

ainoam commented 11 months ago

Thanks for inquiring @ianonavy.

Organizational identity management is addressed by ClearML's enterprise offering (see here). While some components might make it into the OSS offering in the future, it is not on the current development roadmap.