[RFC-0001] Memorandum on the authorization model #2212
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
squaremo
force-pushed
the
rfc-0001-extra
branch
from
84ccd92
to
e549a93
Compare
squaremo
changed the title
squaremo
force-pushed
the
rfc-0001-extra
branch
from
5478a40
to
48eaaab
Compare
hiddeco
approved these changes
Dec 17, 2021
stefanprodan
changed the title
relu
approved these changes
Dec 17, 2021
|
We've assigned 0001 to this RFC and moved #2086 to 0004. The reason for this change is that multi-tenancy builds upon the authorization model and shouldn't contain it. As such, RFC-0001 defines the authorization model and RFC-0004 defines the multi-tenancy model. |
|
@squaremo can you please rename the dir to |
makkes
approved these changes
Dec 17, 2021
squaremo
force-pushed
the
rfc-0001-extra
branch
2 times, most recently
from
b1a43bd
to
4c67bb3
Compare
This gives a baseline for future changes, e.g., expanding where
namespace ACLs are used, switching access control to
untrusted-by-default.
The "Security considerations" section was adapted from
#2086
Signed-off-by: Michael Bridgen <michael@weave.works>
squaremo
force-pushed
the
rfc-0001-extra
branch
from
4c67bb3
to
ede6785
Compare
pjbgf
approved these changes
Dec 21, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds an RFC describing how authorisation works as of v0.24. This can then be a baseline for subsequent RFCs changing authorisation, e.g., namespace ACLs and default-untrusted deployments.