Open fitzthum opened 4 weeks ago
Is this aiming to handle "resource after public key" logic?
I'm not sure exactly what you're referring to, but this could be used for a bunch of things like making sure that a guest requests something from a plugin (could be a public key) before it gets resources. You could also make sure that a certain set of resources is only accessed by a single guest at a time using some differentiating info in the init-data.
In theory it can capture whatever logic your workload has.
Maybe we should add an option for stateful resource policies.
This would allow users to write policies that did things like releasing a secret N times or only releasing secret A after secret B has been released or never releasing secret B if secret A has been released.
There are some drawbacks to this. For one, we would probably have to have some kind of synchronization mechanism, which would likely slow down policy execution. As such, I think this would need to be an optional feature. Even so, it could be very powerful in certain cases.
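A sketch of the three stateful rules described in this issue (release N times, release A only after B, never release one secret once another has been released), added here as an example; it is not part of the original issue or the project's code. The class, method and resource names are hypothetical, and the state is assumed to be an in-process counter guarded by a single lock.

```python
import threading
from collections import Counter


class StatefulResourcePolicy:
    """Toy stateful release policy; every name here is hypothetical."""

    def __init__(self, max_releases=None, requires=None, excluded_by=None):
        self.max_releases = max_releases or {}  # resource -> N allowed releases
        self.requires = requires or {}          # resource -> must be released first
        self.excluded_by = excluded_by or {}    # resource -> its release blocks this one
        self._released = Counter()              # shared state: release counts
        self._lock = threading.Lock()           # the synchronization cost noted above

    def request(self, resource):
        # Check and record under one lock, so two concurrent requests
        # cannot both pass the check before either release is counted.
        with self._lock:
            limit = self.max_releases.get(resource)
            if limit is not None and self._released[resource] >= limit:
                return False
            prerequisite = self.requires.get(resource)
            if prerequisite is not None and self._released[prerequisite] == 0:
                return False
            blocker = self.excluded_by.get(resource)
            if blocker is not None and self._released[blocker] > 0:
                return False
            self._released[resource] += 1  # denied requests are never counted
            return True


def count_grants(policy, resource, attempts):
    """Request `resource` from `attempts` threads at once; return grants."""
    results = []
    threads = [
        threading.Thread(target=lambda: results.append(policy.request(resource)))
        for _ in range(attempts)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results)


def build_demo_policy():
    # Constructed sample rules, one per case named in the issue.
    return StatefulResourcePolicy(
        max_releases={"one-shot-key": 2},
        requires={"secret-a": "secret-b"},
        excluded_by={"secret-d": "secret-c"},
    )
```

Without the lock, the check and the increment are separate steps, and concurrent guests could each observe a count below N and all receive the secret.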