opentdf / platform

Persistent data centric security that extends owner control wherever data travels
BSD 3-Clause Clear License

Add attributes to entities #1400

Open Doom4535 opened 3 months ago

Doom4535 commented 3 months ago

How does one allow entities to access attributes in OpenTDF? The examples show how to add attributes to TDF objects, but they don't show decryption of these objects after they were created with an attribute. Furthermore, there are some references to entities with attributes inside of test/rego, but as far as I can tell the *.rego files are not used.

Do we need to add a role of some sort into Keycloak that correlates a user with OpenTDF attributes or do we need to do something within OpenTDF to bind an authenticated user from Keycloak to OpenTDF?

Additionally, while going through examples/CMD/attributes.go, I noticed that ruler() always returns policy.AttributeRuleTypeEnum_ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF even though the switch statement implies it should likely be one of allof, anyof, or hierarchy.

P.S. What is the current state of Casbin support (referenced in the opentdf-example.yaml)?

damorris25 commented 3 months ago

Entity attributes are assigned in the IDP (Keycloak in this case). In OpenTDF, the subject mappings + subject condition sets then define how to map from the IDP definition of an entity attribute to the normalized OpenTDF Attribute values.

Example: Keycloak might have an attribute of 'nationality' with a value of 'usa' but in OpenTDF there is an Attribute called 'CountryOfAffiliation'. The subject mapping would define this mapping.

Casbin: https://github.com/opentdf/platform/blob/main/service/internal/auth/casbin.go
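To make the entitlement flow from the opening question and damorris25's answer concrete, here is a small Go model added for this thread; it is not OpenTDF platform code and does not use the platform's generated types. The struct shapes (SubjectMapping, ConditionGroup, Condition), the rule-type names, and the attribute value FQN under https://example.com used in the usage note are assumptions for illustration, loosely modelled on the subject mapping + subject condition set idea described above: IdP claims are matched by conditions, a satisfied mapping entitles the entity to an attribute value, and a decrypt decision then compares those entitlements against the data's values under the attribute's rule (ALL_OF, ANY_OF, HIERARCHY).

```go
package main

import "strings"

// RuleType models the three attribute rule kinds named in the thread.
type RuleType int

const (
	AllOf     RuleType = iota // entity must hold every value the data carries
	AnyOf                     // entity must hold at least one of them
	Hierarchy                 // entity's highest level must be at or above the data's
)

// Condition tests one IdP claim (Selector) for membership in Values; NotIn inverts it.
type Condition struct {
	Selector string
	NotIn    bool
	Values   []string
}

// ConditionGroup joins its conditions with AND (All=true) or OR (All=false).
type ConditionGroup struct {
	All        bool
	Conditions []Condition
}

// SubjectMapping entitles the entity to AttrValue (a value FQN) when any group passes (assumed shape).
type SubjectMapping struct {
	AttrValue string
	Groups    []ConditionGroup
}

func evalCondition(claims map[string]string, c Condition) bool {
	v, present := claims[c.Selector]
	found := false
	for _, want := range c.Values {
		found = found || (present && strings.EqualFold(v, want))
	}
	return found != c.NotIn // a missing claim satisfies a NotIn condition
}

func evalGroup(claims map[string]string, g ConditionGroup) bool {
	for _, c := range g.Conditions {
		if ok := evalCondition(claims, c); ok != g.All {
			return ok // AND stops at the first failure, OR at the first hit
		}
	}
	return g.All // AND with no failures passes; OR with no hits fails
}

// Entitlements lists the attribute value FQNs the entity holds for its IdP claims.
func Entitlements(claims map[string]string, mappings []SubjectMapping) []string {
	var out []string
	for _, m := range mappings {
		for _, g := range m.Groups {
			if evalGroup(claims, g) {
				out = append(out, m.AttrValue)
				break
			}
		}
	}
	return out
}

// CanDecrypt checks one attribute present on the data: do the entitlements satisfy
// dataValues under rule? levels (highest first) is consulted only for Hierarchy.
func CanDecrypt(rule RuleType, levels, dataValues, entitlements []string) bool {
	rank := map[string]int{} // index 0 is the highest level
	for i, v := range levels {
		rank[v] = i
	}
	has, best := map[string]bool{}, len(levels) // best == len(levels): no level held
	for _, e := range entitlements {
		has[e] = true
		if r, ok := rank[e]; ok && r < best {
			best = r
		}
	}
	for _, d := range dataValues {
		switch rule {
		case AllOf:
			if !has[d] {
				return false
			}
		case AnyOf:
			if has[d] {
				return true
			}
		case Hierarchy:
			if r, ok := rank[d]; !ok || best > r {
				return false
			}
		}
	}
	return rule != AnyOf // AllOf/Hierarchy passed every value; AnyOf matched none
}
```

Replaying the thread's example: a mapping with one condition (Selector "nationality", Values ["usa"]) for the assumed FQN https://example.com/attr/CountryOfAffiliation/value/USA turns the Keycloak claim nationality=usa into that entitlement, and CanDecrypt(AnyOf, nil, []string{thatFQN}, entitlements) then returns true for a TDF tagged with it; a TDF carrying several attributes must pass the check for each one. The point of the split is that the IdP never needs to know OpenTDF's attribute namespace: only the mapping does.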