opentdf / platform

OpenTDF Platform monorepo enabling the development and integration of _forever control_ of data into new and existing applications. The concept of forever control stems from an increasingly common concept known as zero trust.
BSD 3-Clause Clear License

Support claims entity type in opa/ERS #788

Open elizabethhealy opened 4 months ago

elizabethhealy commented 4 months ago

Enable the claims entity type in opa. It should not call ERS when the entity type is claims but rather should evaluate the subject mappings on the claims themselves. (I believe this is the expected behavior for this flow.) It should be assumed claims is a type that can be parsed/queried by jq.

elizabethhealy commented 4 months ago

should help solve https://github.com/opentdf/platform/issues/785

jrschumacher commented 4 months ago

> It should be assumed claims is a type that can be parsed/queried by jq.

Do we need full jq support, or could we keep it simple and only support object dot-notation? I have no opinion if we use a jq compliant library under the hood, but limiting what we advertise will reduce complexity and cost less to maintain.

That said, since OIDC requires JWT I think this is a safe assumption... if not then we fail as unauthorized.

elizabethhealy commented 4 months ago

@jrschumacher I'm fine either way, I think dot notation is probably simpler and easier to support, or maybe some variation of dot notation that also supports something like item1.item2[*]
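
The reduced dot-notation evaluation discussed above (object keys plus an item1.item2[*] array wildcard, checked against the claims themselves with no ERS call), as an added Go example that is not the platform's own code; the sample claims, the selector syntax and the Select/Matches functions are constructed for illustration:

```go
package main

import (
	"encoding/json"
	"strings"
)

// Constructed sample claims (not from the issue), with nested and array-valued fields.
const sampleClaims = `{"sub":"alice","realm_access":{"roles":["viewer","editor"]},
 "groups":[{"name":"finance"},{"name":"research"}]}`

// Select resolves a selector such as "realm_access.roles[*]" or "groups[*].name" against
// parsed claims and returns every matched value. Only object keys and the [*] wildcard are
// supported: the reduced syntax proposed in the thread, not full jq.
func Select(node any, selector string) []any {
	if selector == "" {
		return []any{node}
	}
	seg, rest, _ := strings.Cut(selector, ".")
	key, wildcard := strings.TrimSuffix(seg, "[*]"), strings.HasSuffix(seg, "[*]")
	obj, _ := node.(map[string]any) // nil if not an object; indexing a nil map is safe
	next, found := obj[key]
	if !found {
		return nil // key absent: no match, not an error
	}
	if !wildcard {
		return Select(next, rest)
	}
	arr, _ := next.([]any) // nil if not an array: the loop then yields nothing
	var out []any
	for _, elem := range arr {
		out = append(out, Select(elem, rest)...)
	}
	return out
}

// Matches is the subject-mapping check evaluated on the claims themselves, with no ERS
// call: true if any value at selector equals expected. Unparseable claims return an
// error so the caller can fail as unauthorized.
func Matches(claimsJSON, selector, expected string) (bool, error) {
	var claims map[string]any
	if err := json.Unmarshal([]byte(claimsJSON), &claims); err != nil {
		return false, err
	}
	for _, v := range Select(claims, selector) {
		if s, ok := v.(string); ok && s == expected {
			return true, nil
		}
	}
	return false, nil
}
```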

jrschumacher commented 2 months ago

@elizabethhealy is this completed or should we reopen?

elizabethhealy commented 2 months ago

We should reopen; I think there was another ticket/issue linked to this as well, I'll find it.

elizabethhealy commented 2 months ago

relates to https://github.com/opentdf/platform/issues/785