search

opentdf / platform

OpenTDF Platform monorepo enabling the development and integration of _forever control_ of data into new and existing applications. The concept of forever control stems from an increasingly common concept known as zero trust.
BSD 3-Clause Clear License
18 stars 7 forks source link

Policy API: remove UUIDs from known service to service APIs, preserving them for admin use alone #447

Closed jakedoublev closed 2 months ago

jakedoublev commented 6 months ago

Background

There is an eventual need to support platform federation, and therefore a preventative need to ensure the OpenTDF platform is not reliant on UUIDs for service to service correspondence. UUIDs should continue to be utilized within Policy CRUD exposed to admins both for the database storage performance benefits and for mutability of Policy Object aspects (with uniqueness guarantees and known unsafe behaviors). However, we should ensure any APIs that are known to expose Policy Objects to other services and not just platform admins should not provide UUIDs.

Acceptance Criteria

  1. Any proto updates are made with generated code/docs to remove UUIDs from Policy APIs solely utilized by other services
  2. Any API responses are updated to remove UUIDs from Policy APIs solely utilized by other services
  3. FQNs are provided for every Attribute Namespace, Definition, and Value in response to service to service APIs to reinforce reliance upon them downstream
jakedoublev commented 6 months ago

Related to https://github.com/opentdf/platform/issues/110 as the dump could be an initial first draft of the "export" for federation

jrschumacher commented 6 months ago

Need to consider how we can specify we need UUIDs for admin and not for other service calls.