vulpemventures / ocean

:ocean: Elements/Liquid wallet daemon
MIT License

Authentication API KEYS #73

Open tiero opened 8 months ago

tiero commented 8 months ago

We should introduce an authorization layer for the exposed gRPC service so that it can be exposed over the public internet and used as a hot-wallet backend by multiple services, each one with specific account-scoped permissions.

It boils down to the type of DSL we want to introduce to describe the RPC access and limitations (i.e. Transfer rpc can have X amount to be spent).

altafan commented 8 months ago

macaroons auth FTW? Also, we could add a proper bakery command to the cli to facilitate the creation of fine-grained constraints like the one you mentioned.

tiero commented 8 months ago

Yes, technology-wise I am ok with it, just saying that I am open to other less complex alternatives. Even a simple auth in database, why not. In the end ocean is used as a standalone service by a human, not by other micro-services (which is what macaroons are built for instead).

https://fly.io/blog/api-tokens-a-tedious-survey/

My take is that if you really don't want stateful auth (but in Ocean it seems perfect), Facebook CAT and Biscuits are simpler.
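
The macaroon idea raised in this thread, as an added example that is not part of the issue or of ocean's code: an HMAC-chained token whose caveats restrict the RPC, the account, and the amount a Transfer may spend. It uses only the Go standard library rather than a macaroon library, and the `Token` type, the `rpc`/`account`/`max_amount` caveat keys, and the root key value are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
)

// Token is a macaroon-style credential (hypothetical type, not ocean's API).
type Token struct {
	ID      string
	Caveats []string
	Sig     []byte
}

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

// Mint issues an unrestricted token under the daemon's root key.
func Mint(root []byte, id string) Token { return Token{ID: id, Sig: mac(root, id)} }

// Attenuate appends a caveat. It needs no root key, so a holder can only narrow.
func (t Token) Attenuate(c string) Token {
	cs := append(append([]string{}, t.Caveats...), c)
	return Token{t.ID, cs, mac(t.Sig, c)}
}

// Authorize rebuilds the chain; every caveat (assumed keys) must hold, unknown ones fail closed.
func Authorize(root []byte, t Token, rpc, account string, amount uint64) bool {
	sig, ok := mac(root, t.ID), true
	for _, c := range t.Caveats {
		sig = mac(sig, c)
		k, v, _ := strings.Cut(c, "=")
		lim, err := strconv.ParseUint(v, 10, 64)
		ok = ok && (k == "rpc" && v == rpc || k == "account" && v == account ||
			k == "max_amount" && err == nil && amount <= lim)
	}
	return ok && hmac.Equal(sig, t.Sig)
}

func main() {
	root := []byte("constructed-root-key") // sample value, constructed
	t := Mint(root, "svc-a").Attenuate("rpc=Transfer").Attenuate("account=a1").Attenuate("max_amount=1000")
	fmt.Println(Authorize(root, t, "Transfer", "a1", 500), Authorize(root, t, "Transfer", "a1", 5000))
}
```

Because each signature is keyed by the previous one, dropping or editing a caveat invalidates the token, while the daemon only needs to store the root key.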