User Statement:
To provide Authn/Authz services for VCH clients, the VCH must be enhanced to provide access control.
Details:
Docker implements an Authz plugin interface to allow requests to be filtered by an access control system. The Authz plugin relies on client certificates to provide user identity. A similar approach can be used in the VCH. A new module inspired by the Authz plugin structure should be added to the VCH. This requires implementing a new middleware in the API server. The new middleware will call into the access control module, which in turn collects the user Security Context from Admiral.
https://confluence.eng.vmware.com/display/~lcastellano/VIC+Engine+Authentication+and+Authorization
Acceptance Criteria: The VCH contains a new middleware that uses Admiral to enforce access control.
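
A sketch of the middleware described under Details, added here as an example and not taken from the VIC code base. `SecurityContext`, `Lookup`, `demoLookup`, `Authz` and `Check` are hypothetical names, the Admiral call is replaced by an in-memory stand-in because its API is not shown here, and the API server is assumed to verify client certificates at the TLS layer so that `VerifiedChains` is populated.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// SecurityContext and Lookup are hypothetical: the page does not show Admiral's API.
type SecurityContext struct{ AllowedMethods map[string]bool }
type Lookup func(user string) (SecurityContext, error)
// demoLookup is a constructed in-memory stand-in for the Admiral call.
func demoLookup(user string) (SecurityContext, error) {
	if user != "alice" {
		return SecurityContext{}, fmt.Errorf("unknown user %q", user)
	}
	return SecurityContext{AllowedMethods: map[string]bool{"GET": true}}, nil
}

// Authz takes identity only from a TLS-verified client certificate and fails closed.
func Authz(lookup Lookup, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || len(r.TLS.VerifiedChains) == 0 {
			http.Error(w, "client certificate required", http.StatusUnauthorized)
			return
		}
		user := r.TLS.VerifiedChains[0][0].Subject.CommonName
		if sc, err := lookup(user); err != nil || !sc.AllowedMethods[r.Method] {
			http.Error(w, "access denied", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Check sends one constructed request through the middleware and returns the status.
func Check(lookup Lookup, user, method string) int {
	req := httptest.NewRequest(method, "/containers/json", nil)
	if user != "" { // constructed certificate, as if the TLS layer had verified it
		cert := &x509.Certificate{Subject: pkix.Name{CommonName: user}}
		req.TLS = &tls.ConnectionState{VerifiedChains: [][]*x509.Certificate{{cert}}}
	}
	rec := httptest.NewRecorder()
	Authz(lookup, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})).ServeHTTP(rec, req)
	return rec.Code
}
func main() { fmt.Println(Check(demoLookup, "alice", "GET"), Check(demoLookup, "", "GET")) }
```

A lookup error is treated the same as a missing permission, so an unreachable or failing context source denies the request instead of letting it through.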