purplefox
commented
2 years ago Authentication should use certificates. Authorisation - a particular user as identified by the certificate will only have access to a set of schemas. We need to check all gRPC commands as they come in to make sure they're not accessing schemas they're not supposed to. Some users can be admins - they will have access to all schemas.
For phase 1 we should implement mTLS certificate based auth for Prana for the gRPC API.