henrysun007 opened a new issue, #700:
URL: https://github.com/apache/incubator-teaclave/issues/700

   ### Motivation & problem statement
   
   The access service is not used by any other services. The Python engine 
(MesaPy) it uses is not maintained any more. Teaclave is moving towards 
Confidential VM and the ported services should be determined.
   
   ### Proposed solution
   
   I reviewed all the access control code in the management and frontend services 
and found that most of the access control patterns are attribute-based, like 
checking the user ID against the owner ID of the object, e.g., task, file and 
function. Three years ago, someone suggested using 
[casbin-rs](https://github.com/casbin/casbin-rs) as the engine in #265. Casbin 
is powerful and supports ABAC. We can use it to do most of the access control. 
For more complicated access control, we can keep the enforcer hard-coded as it 
is now.
   
   Please feel free to comment, thanks.
   
   @mssun @uraj 
   


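The split proposed in the issue above (attribute rules for the common owner checks, a hard-coded enforcer for the complicated ones), as an added Rust sketch that is not part of the original issue and is not Teaclave or casbin-rs code. The object kinds come from the issue; the `public` and `participants` attributes, the rule table and all function names are assumptions.

```rust
// Added illustration: every name here is hypothetical, not Teaclave or casbin-rs API.
#[derive(Clone, Copy, PartialEq)]
pub enum Action { Read, Update, Delete, Invoke }

/// Attributes of a protected object (task, file or function).
pub struct Object<'a> {
    pub kind: &'a str,
    pub owner: &'a str,
    pub public: bool,                // assumed flag: usable by every user
    pub participants: &'a [&'a str], // assumed: users assigned to a task
}

/// One declarative rule: object kind, action, attribute predicate.
type Rule = (&'static str, Action, fn(&str, &Object) -> bool);

fn is_owner(user: &str, o: &Object) -> bool { user == o.owner }
fn owner_or_public(user: &str, o: &Object) -> bool { o.public || is_owner(user, o) }

// Common case: a rule table, the part a policy engine could take over.
const RULES: &[Rule] = &[
    ("file", Action::Read, is_owner),
    ("file", Action::Delete, is_owner),
    ("function", Action::Update, is_owner),
    ("function", Action::Delete, is_owner),
    ("function", Action::Invoke, owner_or_public),
    ("task", Action::Update, is_owner),
];

// Complicated case kept hard-coded: a task is readable by owner or participants.
fn task_read(user: &str, o: &Object) -> bool {
    is_owner(user, o) || o.participants.iter().any(|p| *p == user)
}

/// Default deny: empty user IDs and unmatched (kind, action) pairs are refused.
pub fn enforce(user: &str, obj: &Object, act: Action) -> bool {
    if user.is_empty() { return false; }
    if obj.kind == "task" && act == Action::Read { return task_read(user, obj); }
    RULES.iter().any(|(k, a, pred)| *k == obj.kind && *a == act && pred(user, obj))
}

fn main() {
    // Constructed sample objects.
    let f = Object { kind: "function", owner: "alice", public: true, participants: &[] };
    let t = Object { kind: "task", owner: "alice", public: false, participants: &["bob"] };
    println!("bob invoke public fn: {}", enforce("bob", &f, Action::Invoke));
    println!("bob delete alice fn:  {}", enforce("bob", &f, Action::Delete));
    println!("bob read shared task: {}", enforce("bob", &t, Action::Read));
}
```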