SanderMertens
commented
7 years ago The security API and testcases are place. A few features need to be added before this issue can be closed:
- Allow logging in with a key (vs just username + password)
- Enable guest access
- Add user attributes:
- "home" scope (accessed by new ~ operator in object identifiers)
- Avatar image
- Allow passing more context to authorize calls (pass parameters of operation to authorize)
Security in corto is meant to restrict the flow of data from one source to another. Without security, a user can subscribe for, or query for any object, and data can flow freely between connectors. Corto security is meant to address this.
Security features will be implemented on the lowest level, in the core API, where data-centric policies will determine whether a user is allowed to create, read, update or delete an object. The security API will allow a user to authenticate itself and authorize its actions. In addition, the API will log security events for accounting purposes.
The security API will have a plugin architecture that allows users to write their own authentication and authorization plugins. Furthermore, the API will leverage hierarchies and support cascading policies.
Authentication will happen at process level (as opposed to thread level). This simplifies the architecture, and reduces the amount of potential attach vectors. Switching authentication from one user to another will be cheap, which is useful for example when a webserver is serving requests to many different users.
For more details on the design and API, see: https://corto.io/doc/api.html#Core_API_Security