Auth - authz #34
Comments
|
Auth N/Z is def something I plan to add. Will look into the best way to implement this. |
|
With the latest release, there is now Mutual TLS as an Auth option (thanks to this issue). BTW would love to hear more about how you are using Tarmac (i.e., is it for fun or actual work, is it a POC or in production, etc.) |
|
Thanks for the addition of m-tls. I am experimenting with using Tarmac to allow scientists to build data processing and charting. It’s for biomimicry and open science platform so that peer review done by both other scientists and the public is reproducible. The problem it solves is one of transparency. Currently scientists write a paper with detailed explanations of their experiments and thesis, but without the data and logic and charts that they used to come to their conclusions, I want to help this situation by making it easy to run other scientists code and data. Most scientists work with data in excel and do their charts also with excel. The reason for auth and authz is so that a scientist can give access or share their code and data with others. |
|
Btw jwt would be perfect for me because I use NATS as the routing system for events and rpc. nats has a full identity and authz system based on jwt. So I can create a users account or service account in nats and then use tarmac jwt to authenticate into NATS system. nats is golang based. https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt |
|
@gedw99 sounds really cool. I will be adding jwt for sure. |
|
Consider NATS for the other layers maybe: I noticed you have a KV store using cassandra at https://github.com/madflojo/tarmac/blob/main/pkg/callbacks/kvstore/kvstore.go Here is a KV store with different drivers, and one of them is NATS: https://github.com/HeavyHorst/easykv And for durable TLS Certs: https://github.com/HeavyHorst/certmagic-nats NATS also has an Object store. The potent thing here is that the NATS security controls access to ALL of this. Doing authz is one thing but authouriation is hard as it needs to be enforced throughout the stack. NATS does it for you and is highly extensible. https://github.com/bots-garden/capsule/blob/main/capsulemodule/hostfunctions/nats.go is similar to Capsule and exposes NATS directly as WASM Host function. Many people also ship Logging and Metrics over NATS, using non durable topic. SO then even this gets the NATS security overlay. Anyways, don't want to be pushy pushy.. I use NATS for many different projects as its highly reusable. |
As far as I can see there is not any auth or authz in tarmac.
i generally use NATS for rerouting events into tarmac . Nats just wants a jwt to control Auth and Authz.
But even without NATS , Tarnac needs to assert who can do what.
https://github.com/pocketbase/pocketbase looks like a nice solution to this.
.Or at least to use as one way to add auth / authz. It’s probable that others might want a different solution and that’s why jwt is loose coupled.
the cool thing about pocketbaae is that it’s real time and simple.
have a look
The text was updated successfully, but these errors were encountered: