New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: define process for devices to request access to a server #505
Conversation
I am happy with this and would be ready to move forward with it. |
I feel that this should be extended with the kind of access a client can request (i.e. read, read/write or admin - potentially with group modifiers) |
The problem that this PR is solving is how do you grant access to a device that has no practical input methods and you can not enter any kind of credentials to it. I think we end up stalled if we try to specify the kind of access. For example:
There is value in adding this to the spec as it is. Issues and PRs are easy to open, hard to close. |
I actually did intend this to be used for any kind of device. For example, WilhelmSK now supports requesting access this way. For example, buddy can come on your boat. Try to connect with WilhelmSK and WilhelmSK can request access. You hit a button, done. No need to fuss with typing in username and password. |
Is this the my crew can hardly write use case? |
What about this situation: I develop a native Signal K instrument. The instrument can display a certain number of values (i.e. paths), and needs only read access. The access request will be build into the software, i.e. hard-coded. I believe it makes sense if my screen only requests read access for the paths I need. |
My thought was that we could add this in the future. We currently don't have anything spec a providing path level permissions. Once we have that we could add something here. |
Alright, that makes sense. No more comments then ;) |
Wrapped the text at 119 columns which makes for nicer diffs later and easier reading in a terminal now. Also, replaced some quoted text with bold and cleaned up the code examples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks really good. I'm not quite sure I understand the need for a result
code in responses since that exists in the HTTP header. If it accomplishes something the header cannot, shouldn't it be in all of the responses?
gitbook-docs/access_requests.md
Outdated
|
||
## Definitions | ||
|
||
* `clientId` is a string that uniquely identifies a device. This could be a UUID, a combination of model number and |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should require that client IDs be UUIDs and specify that the UUID will be converted to a Signal K URN. Or else require that the client provide them as such. e.g. urn:mrn:signalk:uuid:705f5f1a-efaf-44aa-9cb8-a0fd6305567c
. If the client is responsible for generating the ID, UUID provides stronger uniqueness guarantees than letting manufacturers arbitrarily decide what identifier is unique enough.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm good with that. They could put model, serial, etc. in the description.
gitbook-docs/access_requests.md
Outdated
$ curl -k https://localhost:3443/signalk/v1/access/requests/358b5f32-76bf-4b33-8b23-10a330827185 | ||
{ | ||
"state": "COMPLETED", | ||
"result": 200, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If access is denied, shouldn't the result
code be 401?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm a little conflicted on this.
That could mean that they didn't have permission to make the request in the first place.
The request for access was carried out successfully. It's just that the admin denied it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think 200 is correct here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure I see a difference between "the admin denied the request" and "a security policy/configuration denied the request".
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets define result
as the outcome of the request/response layer, and state
the outcome of the requested action, eg getting access.
So result
=200 means the request was received/processed successfully, the outcome of the request was 'DENIED'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The definition of state
is in the generic request/response document and I don't think DENIED
would apply to any other responses. Thus it is in the response specific data.
@timmathews can you please review my responses above and let me know if this needs any more changes. |
The only thing we need to resolve for this, IMO is the mechanism for repeated access requests. And perhaps also, what they should do if access was previously granted and then revoked. That could happen when a client device is moved to another server (e.g. the device is sold or the server is replaced) or when someone manually revokes the grant. |
@timmathews please elaborate what problems you foresee (see my comment inline above) As your comment sounds like possible additions I feel we can merge this as is and add more specific instructions if needed. |
TODO: