mirror of
https://github.com/postmannen/ctrl.git
synced 2025-03-31 01:24:31 +00:00
doc
This commit is contained in:
postmannen
parent
2768e70fdf
commit
81c8610ff1
1 changed files with 5 additions and 1 deletions
|
|
@ -6,7 +6,7 @@ This documents is the planning and concept for how we might be able to also auth
|
|||
|
||||
We also want to add the feature of signature checking for all messages that it comes from a trusted node.
|
||||
|
||||
## Signing
|
||||
## Signing MethodArgs field
|
||||
|
||||
The Request types we want to protect is the REQCliCommand and REQCliCommandCont. We want to have an ACL list of all the message signatures that are allowed to be executed. Signatures not in the ACL list will be discarded.
|
||||
|
||||
|
|
@ -16,6 +16,10 @@ Have a flag to turn off signing on nodes. Should same flag turn off both signing
|
|||
|
||||
Add a flag to do signature checking on all messages for all request types to verify the sender as a double verification on top of the NATS authorization. This is not intended to be used with the ACL list, but only verifying the signature, and that the sender is are who they claim to be.
|
||||
|
||||
## Signing Data field
|
||||
|
||||
We should also add signatures based on the **data** field of the message on the publishers, and also add verification of the these messages when they are received on the subscriber.
|
||||
|
||||
## CentralAuth
|
||||
|
||||
The idea here is to have central auth database which stores all the authorizations that are allowed in the system.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue