feature: define process for devices to request access to a server #505
Conversation
sbender9
changed the title
sbender9
changed the title
sbender9
changed the title
|
I am happy with this and would be ready to move forward with it. |
|
I feel that this should be extended with the kind of access a client can request (i.e. read, read/write or admin - potentially with group modifiers) |
|
The problem that this PR is solving is how do you grant access to a device that has no practical input methods and you can not enter any kind of credentials to it. I think we end up stalled if we try to specify the kind of access. For example:
There is value in adding this to the spec as it is. Issues and PRs are easy to open, hard to close. |
|
I actually did intend this to be used for any kind of device. For example, WilhelmSK now supports requesting access this way. For example, buddy can come on your boat. Try to connect with WilhelmSK and WilhelmSK can request access. You hit a button, done. No need to fuss with typing in username and password. |
|
Is this the my crew can hardly write use case? |
|
What about this situation: I develop a native Signal K instrument. The instrument can display a certain number of values (i.e. paths), and needs only read access. The access request will be build into the software, i.e. hard-coded. I believe it makes sense if my screen only requests read access for the paths I need. |
My thought was that we could add this in the future. We currently don't have anything spec a providing path level permissions. Once we have that we could add something here. |
Alright, that makes sense. No more comments then ;) |
Wrapped the text at 119 columns which makes for nicer diffs later and easier reading in a terminal now. Also, replaced some quoted text with bold and cleaned up the code examples.
gitbook-docs/access_requests.md
Outdated
|
|
||
| ## Definitions | ||
|
|
||
| * `clientId` is a string that uniquely identifies a device. This could be a UUID, a combination of model number and |
There was a problem hiding this comment.
We should require that client IDs be UUIDs and specify that the UUID will be converted to a Signal K URN. Or else require that the client provide them as such. e.g. urn:mrn:signalk:uuid:705f5f1a-efaf-44aa-9cb8-a0fd6305567c. If the client is responsible for generating the ID, UUID provides stronger uniqueness guarantees than letting manufacturers arbitrarily decide what identifier is unique enough.
There was a problem hiding this comment.
I'm good with that. They could put model, serial, etc. in the description.
gitbook-docs/access_requests.md
Outdated
| $ curl -k https://localhost:3443/signalk/v1/access/requests/358b5f32-76bf-4b33-8b23-10a330827185 | ||
| { | ||
| "state": "COMPLETED", | ||
| "result": 200, |
There was a problem hiding this comment.
If access is denied, shouldn't the result code be 401?
There was a problem hiding this comment.
I'm a little conflicted on this.
That could mean that they didn't have permission to make the request in the first place.
The request for access was carried out successfully. It's just that the admin denied it.
There was a problem hiding this comment.
I'm not sure I see a difference between "the admin denied the request" and "a security policy/configuration denied the request".
There was a problem hiding this comment.
Lets define result as the outcome of the request/response layer, and state the outcome of the requested action, eg getting access.
So result=200 means the request was received/processed successfully, the outcome of the request was 'DENIED'
There was a problem hiding this comment.
The definition of state is in the generic request/response document and I don't think DENIED would apply to any other responses. Thus it is in the response specific data.
|
@timmathews can you please review my responses above and let me know if this needs any more changes. |
|
The only thing we need to resolve for this, IMO is the mechanism for repeated access requests. And perhaps also, what they should do if access was previously granted and then revoked. That could happen when a client device is moved to another server (e.g. the device is sold or the server is replaced) or when someone manually revokes the grant. |
|
@timmathews please elaborate what problems you foresee (see my comment inline above) As your comment sounds like possible additions I feel we can merge this as is and add more specific instructions if needed. |
TODO: