Closed mwhicks1 closed 1 month ago
oflatt
commented
3 months ago Nice idea, and much simpler than entity manifests. We should add a note about how this is related to #74. Given a type-annotated entity manifest, calculating the level is easy
mwhicks1
commented
3 months ago Nice idea, and much simpler than entity manifests. We should add a note about how this is related to #74. Given a type-annotated entity manifest, calculating the level is easy
Thanks! I've updated the RFC to compare the two, landing on the position that we should ultimately have both.
D-McAdams
commented
3 months ago Thanks for adding the cross-link to Entity Manifests in https://github.com/cedar-policy/rfcs/pull/74. Agree that they are best as a pair. Entity Manifests give instructions on what to load, and Entity Slice Validation (this RFC) ensures the instructions are practical by capping the complexity of incoming policies.
Also agree the alternatives in this RFC are less necessary when both techniques are used together.
Validating policies for entity slices using levels
Rendered