lunatic-solutions / lunatic

Lunatic is an Erlang-inspired runtime for WebAssembly
https://lunatic.solutions
Apache License 2.0
4.62k stars 138 forks

Security Model and Considerations #144

Open snnsnn opened 1 year ago

snnsnn commented 1 year ago

Hi,

Lunatic seems like a very promising project and I was wondering if you have any security model in place?

Actor-to-actor calls may not pose a serious security threat, but actors using capabilities without explicit permissions certainly do, and that takes away some of the security guarantees provided by using WebAssembly modules.

Is there a way to enforce signed artifacts (wasm modules and capability providers)?

I have been following wasmcloud for quite some time, which is also based on the actor model, employs a zero trust model, uses WebAssembly modules for its workload and shares certain goals and ambitions with lunatic.

Wasmcloud has been around for about four years and it has a very well thought out security model. The project uses an RFC process and documents its architectural decisions in a journal which can be accessed at https://wasmcloud.github.io/adr/.

The initial project was based on actix but moved to OTP due to some drawbacks originating from actix. Since issues are not migrated, the old GitHub repo also has previous discussions and some unimplemented RFCs.

Since they have similar goals and ambitions, maybe you can benefit from their discussions and design decisions.

Regards