rrileyca
commented
2 months ago Adding a thought - perhaps even just passing in the SETUP frame would be enough to perform some dynamic logic on the LEASE frames. I think this makes sense. For example, if you wanted to apply backpressure to a specific routing endpoint, you would need to read the SETUP metadata to make that decision. I'm sure there are other use cases. This would also satisfy my use case.
Currently, the only context a Lease seems to have access to is the connection through the
TrackingLeaseSenderinterface. This makes sense, but I have a use case where I would like to send a nonce that is used for HMAC authentication in the LEASE metadata. This seems to be impossible at the moment, since the LeaseSender can only gather context about the connection (via the generation of some unique "connectionId", as in the advanced lease sample). However, then the Authentication/Authorization framework does not have access to the connection and subsequently the Lease context.I would like to tie these together such that in the
SETUP <-> LEASEexchange, the LEASE frame could contain user-aware metadata, such as a nonce that will later be used by the Authentication/Authorization framework.Motivation
I would like to enable an HMAC solution for Authorization where the Requester and Responder each send each other a nonce to be used in the HMAC dervation (as the
infoandsaltparameters). The flow would look like this:requesterNonce, and sends it to the Responder in its SETUP MetadatarequesterNonceand generates its ownresponderNonce. It sender both back to the Requester in the LEASE frames MetadataAt this point, using cryptographic keys exchanged outside this RSocket flow/context, each side can generate an HMAC for each frame and place the HMAC in the Metadata of a frame. The
Authorizationframework would validate the HMAC using the exchanged nonces.For clarity, there are reasons why transport layer security (TLS) is not an option. I am open to suggestions if I have missed a way for this capability to be implemented.