Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC-0001] Memorandum on the authorization model #2212

Merged
merged 1 commit into from
Dec 21, 2021
Merged

[RFC-0001] Memorandum on the authorization model #2212

merged 1 commit into from
Dec 21, 2021

Conversation

squaremo
Copy link
Member

@squaremo squaremo commented Dec 13, 2021
edited
Loading

This adds an RFC describing how authorisation works as of v0.24. This can then be a baseline for subsequent RFCs changing authorisation, e.g., namespace ACLs and default-untrusted deployments.

@squaremo squaremo changed the base branch from rfc-0001 to main December 15, 2021 15:54
@squaremo squaremo changed the title Expand on authorisation model RFC: memorandum on the authorisation model Dec 15, 2021
@stefanprodan stefanprodan added the area/rfc Feature request proposals in the RFC format label Dec 16, 2021
stefanprodan
stefanprodan approved these changes Dec 17, 2021
View reviewed changes
Copy link
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Thanks @squaremo 🏅

@stefanprodan stefanprodan requested a review from hiddeco December 17, 2021 07:57
hiddeco
hiddeco approved these changes Dec 17, 2021
View reviewed changes
rfcs/0001-authorisation/README.md Outdated Show resolved Hide resolved
@phillebaba phillebaba self-requested a review December 17, 2021 09:27
phillebaba
phillebaba approved these changes Dec 17, 2021
View reviewed changes
Copy link
Member

@phillebaba phillebaba left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@stefanprodan stefanprodan changed the title RFC: memorandum on the authorisation model [RFC-0001] Memorandum on the authorization model Dec 17, 2021
@stefanprodan
Copy link
Member

stefanprodan commented Dec 17, 2021
edited
Loading

We've assigned 0001 to this RFC and moved #2086 to 0004. The reason for this change is that multi-tenancy builds upon the authorization model and shouldn't contain it. As such, RFC-0001 defines the authorization model and RFC-0004 defines the multi-tenancy model.

darkowlzz
darkowlzz approved these changes Dec 17, 2021
View reviewed changes
Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@stefanprodan
Copy link
Member

@squaremo can you please rename the dir to 0001-authorization

makkes
makkes approved these changes Dec 17, 2021
View reviewed changes
Copy link
Member

@makkes makkes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome explanation!! I love it.

@squaremo squaremo force-pushed the rfc-0001-extra branch 2 times, most recently from b1a43bd to 4c67bb3 Compare December 17, 2021 17:32
@stefanprodan stefanprodan marked this pull request as ready for review December 17, 2021 17:38
@squaremo
RFC on authorisation model
ede6785 
This gives a baseline for future changes, e.g., expanding where
namespace ACLs are used, switching access control to
untrusted-by-default.

The "Security considerations" section  was adapted from

    #2086

Signed-off-by: Michael Bridgen <michael@weave.works>
pjbgf
pjbgf approved these changes Dec 21, 2021
View reviewed changes
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great level of detail of the current auth-N model, this is very helpful.

LGTM

@makkes makkes merged commit 0b133ca into main Dec 21, 2021
@makkes makkes deleted the rfc-0001-extra branch December 21, 2021 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phillebaba phillebaba phillebaba approved these changes

@hiddeco hiddeco hiddeco approved these changes

@pjbgf pjbgf pjbgf approved these changes

@stefanprodan stefanprodan stefanprodan approved these changes

@relu relu relu approved these changes

@darkowlzz darkowlzz darkowlzz approved these changes

@makkes makkes makkes approved these changes

Assignees
No one assigned
Labels
area/rfc Feature request proposals in the RFC format
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@squaremo @stefanprodan @makkes @darkowlzz @relu @pjbgf @hiddeco @phillebaba