search

opentdf / platform

OpenTDF Platform monorepo enabling the development and integration of _forever control_ of data into new and existing applications. The concept of forever control stems from an increasingly common concept known as zero trust.
BSD 3-Clause Clear License
15 stars 4 forks source link

Enable Authorization based on OIDC claims alone without the need for Entity Resolution Service #785

Open jrschumacher opened 2 months ago

jrschumacher commented 2 months ago

The addition of Entity Resolution Service offers the ability to fetch custom data from an IdP or some other source when making an Authorization request. The challenge with this is that it increases the necessary requirements to get OpenTDF up and running.

Currently, ERS only supports Keycloak and any additional needs will need to be developed and deployed apart from the platform. OpenTDF has no plans to add or maintain support for other IdP or data sources.

This enhancement focuses on reducing the complexity of starting the OpenTDF service by supporting any IdP (that meets our requirements) without any custom code as well as reducing any custom integration with Keycloak which requires an API key to fetch additional data.

Acceptance Criteria

strantalis commented 2 months ago

Had this written this morning but never hit create.

https://github.com/opentdf/platform/issues/793

pflynn-virtru commented 3 weeks ago

The TDF specification addresses this with tdf_claims. See https://github.com/opentdf/spec/blob/2a95f6f434ae241df1d2371b33c2b3c564e5ee67/protocol/README.md?plain=1#L15

Would this functionality address this issue? (Note this is v1 behavior and will need to be ported to v2)