openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodric Rabbah <>
Subject Re: Extending Authentication and Entitlement - Heads up
Date Tue, 12 Jun 2018 15:17:53 GMT
> The first change will be to introduce an SPI to exchange the existing
EntitlementProvider with an alternative
implementation. Since the EntitlementProvider already is implemented like a
SPI-like interface
this change is very straightforward.

Since IAM integration is of general interest and applicable for others who
deploy and manage OpenWhisk, is the current interface sufficient? For
example, this PR [1] from Andy Steed was steered toward Entitlement checks.
Similarly, the current and future limits applied to a namespace may be
equally fitting (where today they are tied to the subject records). So we
should think about how to support both the short term and long term.


> First the REST API will be enabled to read other authentication formats
and tokens
(e.g. bearer tokens), second there has to be the ability added to pass
different authentication information
to the user actions.

This is great and long overdue - Are you envisioning that we can then also
attach different tokens with resources in a more fine grained capacity than
today (which is an entire namespace)?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message