Static FL authentication: authenticated worker_id is not specific to model
Description
Static FL auth checks the auth token against the supplied model_name and model_version settings and, if the token is valid, issues a worker_id.
Then the worker requests the cycle using the worker_id, and pygrid checks that such a worker_id really exists (is authenticated).
The problem is that when requesting a cycle, a worker may use ANY model_name and model_version, including ones different from those validated in the auth request. This means a worker may get worker_id auth using an unprotected model and then successfully request a cycle of a protected model.
How to Reproduce
See above.
Expected Behavior
The worker_id must work only for the model that the worker was authenticated against.
Screenshots
n/a
This issue has been marked stale because it has been open 30 days with no activity. Leave a comment or remove the stale label to unmark it. Otherwise, this will be closed in 7 days.
Note: the suggested fix is to add a new table for FLProcess-Worker authorization. When a worker successfully authenticates for a given FL process, we add a record to this table. Then, in the cycle request, we should check whether the worker_id is authorized for the requested FL process.
0.2 is no longer supported.