Specify a way to enable some form of security #153

Open
xibz opened this issue Jul 26, 2023 · 3 comments
@xibz
Contributor

xibz commented Jul 26, 2023

The ideal goal is to have a single event bus that handles all CDEvents. However, when a service team is to deploy something, other consumers may not have disclosures on that particular item/feature/event. Due to this, we need some way of allowing for producers to target specific consumers.

It isn't clear what this looks like yet, and this may not even be the right repo depending on the discussion.

Further, we need a way of identifying a sender, whether that is done by signing events or what.

@e-backmark-ericsson
Contributor

What event (types) should reach what consumers should not be up to the protocol/spec to decide. It is more of an event infrastructure deployment/config setting. In RabbitMQ for example, this would be handled by setting different binding keys (federations) between different instances of message buses. Events produced on one message bus instance would or would not be available in a connected message bus instance, depending on what federation rules (binding keys) are defined between them.
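
The binding-key filtering described in the comment above, as an added example that is not part of the original thread or of the CDEvents project: it implements AMQP topic-exchange matching (`*` is exactly one word, `#` is zero or more) and lists the federation bindings that would deliver a restricted event type to a bus not meant to receive it. It assumes the CDEvents `type` attribute is used as the routing key; the bus names, binding keys and event versions are constructed.

```python
def topic_matches(binding_key: str, routing_key: str) -> bool:
    """AMQP topic semantics: '*' matches one dot-separated word, '#' zero or more."""
    pattern = binding_key.split(".")
    words = routing_key.split(".")

    def match(p: int, w: int) -> bool:
        if p == len(pattern):
            return w == len(words)
        if pattern[p] == "#":
            # '#' either absorbs nothing (advance pattern) or one more word.
            return match(p + 1, w) or (w < len(words) and match(p, w + 1))
        if w == len(words):
            return False
        return pattern[p] in ("*", words[w]) and match(p + 1, w + 1)

    return match(0, 0)


# Constructed federation rules: downstream bus -> binding keys on the link.
FEDERATION_BINDINGS = {
    "team-a-bus": ["dev.cdevents.service.#"],
    "shared-bus": ["dev.cdevents.artifact.#", "dev.cdevents.*.deployed.#"],
    "audit-bus": ["dev.cdevents.#"],
}


def downstream_buses(event_type, bindings=FEDERATION_BINDINGS):
    """Buses that would receive an event whose routing key is its CDEvents type."""
    return sorted(
        bus for bus, keys in bindings.items()
        if any(topic_matches(key, event_type) for key in keys)
    )


def unintended_deliveries(restricted_types, allowed_buses, bindings=FEDERATION_BINDINGS):
    """(event_type, bus, binding_key) for each rule that leaks a restricted type."""
    findings = []
    for event_type in restricted_types:
        for bus, keys in sorted(bindings.items()):
            if bus in allowed_buses:
                continue
            findings += [(event_type, bus, key) for key in keys
                         if topic_matches(key, event_type)]
    return findings
```

Running `unintended_deliveries` over the broker's exported bindings before a new event type goes live shows which wildcard rule would need narrowing.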

@xibz
Contributor Author

xibz commented Aug 14, 2023

> be up to the protocol/spec to decide

Agreed. That's why I mention that this is probably the wrong repo, but I want to open discussions for this, because this is going to be something every company/team/person would need to think about.

> It is more of an event infrastructure deployment/config setting

Right, but the idea is how would a team go about solving that. I think having some ideas or designs that people could follow would be most helpful and if we can provide a library or something that makes authentication/authorization/identity easier, then we should, because security can be easily overlooked, and if some company ends up with a bad design, then that is going to be a horrible experience.

@e-backmark-ericsson
Contributor

I agree. There are ideas in CDF on creating a reference architecture, and this discussion could partly be detailed there. But the specifics of identifying senders and such might also affect the CDEvents protocol spec itself, so I won't say this issue is completely wrongly placed in this repo.
The CDF reference architecture is expected to be driven by SIG Interoperability. Possibly through this issue: cdfoundation/toc#170. One way to progress this would be to join the SIG Interoperability meetings, documented here: https://hackmd.io/HuufSDMaTPyb3qxkyBKg3A
