Agent-Driven Attestation #103
Comments
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 18, 2023
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 18, 2023
Signed-off-by: Jean Snyman <jean.snyman@hpe.com>
This was referenced Sep 20, 2023
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 20, 2023
Signed-off-by: Jean Snyman <jean.snyman@hpe.com>
stringlytyped added a commit to stringlytyped/keylime-enhancements that referenced this issue Sep 20, 2023
Signed-off-by: Jean Snyman <jean.snyman@hpe.com>
maugustosilva added a commit that referenced this issue Sep 21, 2023
Add written proposal for enhancement #103
stringlytyped added a commit to hse-aurora/keylime-oss that referenced this issue Jun 28, 2024

This commit consolidates the work completed as part of pull request keylime#1523 and contributes a new way of architecting REST APIs based loosely on the model-view-controller (MVC) pattern.

The class library in `keylime.web.base` and `keylime.models.base` provides a number of building blocks for structuring web service code in a consistent and ordered fashion. These include:

- Routes: parameterised URI patterns for declaring API endpoints
- Servers: direct requests to a controller based on a list of routes
- Controllers: handle requests and produce an appropriate response
- Models: data structures which can be mutated, validated and persisted according to a set pattern

Additionally, this commit re-implements the registrar APIs in the new paradigm. `keylime.registrar_common` is no longer invoked and is effectively replaced by `keylime.web.registrar_server` and `keylime.web.registrar.agents_controller`.

The `registrarmain` database table is now represented in memory using the `RegistrarAgent` model. The model defines a schema for agent records and encapsulates the functionality for mutating these records instead of overloading request handlers with this responsibility. Certificate and key verification checks are broken into several small methods each with a clear, minimal purpose in an effort to ensure readability, traceability and composability (even when the registrar is extended in the future).

The refactor of the registrar therefore acts as a good demonstration of how the new web framework facilitates writing modular code with clear separation of concerns. Future contributions to implement agent-driven attestation (keylime/enhancements#103) will be done in a similar way.

Some minor features have been added or changed, e.g., request logging is now more detailed and log messages try to be more helpful where possible. The user now has the option of suppressing a portion of the warnings generated when a certificate is not strictly ASN.1 DER compliant, or even rejecting such certificates when received from an agent. This partially fixes issue keylime#1559 (which will be further addressed in subsequent PRs). Other than that, this commit should be functionally equivalent to earlier Keylime versions.

Squashes commits: 3b8119c, 796417d, a0d3cf7, 1b42ee2, c52b005, f5869aa, 3cd4c2a, 75facbd, e6ec507, 45a1362, 3c8f202, 30eb7dc, 2b9de05, b4a2df1, 1c2db6b, 705d9d4, e28baf6, 282071c, 2f7095d, f254a78, a249d28, 9fe4042, b3eaa3e, ca3782a, 0ae1249, 9696a39, 33b7184, 7d8a4ee, 55eacb9, 2496836, 0d8a232, 4690017, ce9315a, 9c79359, 5055dc1, 9387a0b, 0db1fb8, 42fa62d, 89474ee, 7527175, fc1217e, de282c4, a28078f.

For context, refer to PR keylime#1523.

Signed-off-by: Jean Snyman <jean.snyman@hpe.com>
maugustosilva pushed a commit to keylime/keylime that referenced this issue Jun 28, 2024

This commit consolidates the work completed as part of pull request #1523 and contributes a new way of architecting REST APIs based loosely on the model-view-controller (MVC) pattern.

The class library in `keylime.web.base` and `keylime.models.base` provides a number of building blocks for structuring web service code in a consistent and ordered fashion. These include:

- Routes: parameterised URI patterns for declaring API endpoints
- Servers: direct requests to a controller based on a list of routes
- Controllers: handle requests and produce an appropriate response
- Models: data structures which can be mutated, validated and persisted according to a set pattern

Additionally, this commit re-implements the registrar APIs in the new paradigm. `keylime.registrar_common` is no longer invoked and is effectively replaced by `keylime.web.registrar_server` and `keylime.web.registrar.agents_controller`.

The `registrarmain` database table is now represented in memory using the `RegistrarAgent` model. The model defines a schema for agent records and encapsulates the functionality for mutating these records instead of overloading request handlers with this responsibility. Certificate and key verification checks are broken into several small methods each with a clear, minimal purpose in an effort to ensure readability, traceability and composability (even when the registrar is extended in the future).

The refactor of the registrar therefore acts as a good demonstration of how the new web framework facilitates writing modular code with clear separation of concerns. Future contributions to implement agent-driven attestation (keylime/enhancements#103) will be done in a similar way.

Some minor features have been added or changed, e.g., request logging is now more detailed and log messages try to be more helpful where possible. The user now has the option of suppressing a portion of the warnings generated when a certificate is not strictly ASN.1 DER compliant, or even rejecting such certificates when received from an agent. This partially fixes issue #1559 (which will be further addressed in subsequent PRs). Other than that, this commit should be functionally equivalent to earlier Keylime versions.

Squashes commits: 3b8119c, 796417d, a0d3cf7, 1b42ee2, c52b005, f5869aa, 3cd4c2a, 75facbd, e6ec507, 45a1362, 3c8f202, 30eb7dc, 2b9de05, b4a2df1, 1c2db6b, 705d9d4, e28baf6, 282071c, 2f7095d, f254a78, a249d28, 9fe4042, b3eaa3e, ca3782a, 0ae1249, 9696a39, 33b7184, 7d8a4ee, 55eacb9, 2496836, 0d8a232, 4690017, ce9315a, 9c79359, 5055dc1, 9387a0b, 0db1fb8, 42fa62d, 89474ee, 7527175, fc1217e, de282c4, a28078f.

For context, refer to PR #1523.

Signed-off-by: Jean Snyman <jean.snyman@hpe.com>
Enhancement Description
Enable an alternative operational model in which attestations are sent on an agent-driven basis instead of being requested by the verifier
Please keep this description up to date.