You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The ABACManager has three modes for evaluating queries:
Running the standard ABAC library context engine internally to the process
Running the standard ABAC library context engine as an external process
Running an internal quick prover that assumes everything is signed by "ME" (the authority).
Currently most ABAC queries are done with #2 since #1 has some memory leak issues. But the queries done in ABACGuard.authorize_call uses ABACManager.query which is configured to use the internal quick prover.
We should change this to call the standard ABAC library context engine as an external process so that we are using a standard mechanism for making policy decisions.
Imported from trac ticket #213, created by mbrinn on 01-22-2014 at 15:04, last modified: 02-08-2014 at 11:11
The text was updated successfully, but these errors were encountered:
We have the fix to this sitting in a chapi branch tkt213_abacguard_query. But it proves to be much too slow for the number of calls we make to the ABAC manager. Either we need to fix the memory leak in ABAC so we can all it internally, or we need to change the pattern of calling, or we need to continue to use ABACManager.query. But this proposed fix is not the right way to go.
Trac comment by mbrinn (github user: MarshallBrinn) on 02-08-2014 at 11:11
The ABACManager has three modes for evaluating queries:
Currently most ABAC queries are done with #2 since #1 has some memory leak issues. But the queries done in ABACGuard.authorize_call uses ABACManager.query which is configured to use the internal quick prover.
We should change this to call the standard ABAC library context engine as an external process so that we are using a standard mechanism for making policy decisions.
Imported from trac ticket #213, created by mbrinn on 01-22-2014 at 15:04, last modified: 02-08-2014 at 11:11
The text was updated successfully, but these errors were encountered: