bindle icon indicating copy to clipboard operation
bindle copied to clipboard
verified publisher icon deislabs

Access policy for a bindle?

Open npmccallum opened this issue 4 years ago • 2 comments

Has any thought been given to access policy for a bindle?

/_i/{bindle-name}@{parcel-id}

I'm really glad that all parcel fetches are done in the context of a bindle name. This means that the invoice can define access control for both itself and its parcels. A user, for example, should be able to always fetch their own bindles. But they should also allow fetching of bindles selectively for other users (or even other criteria). The access policy for a bindle should include the invoice itself. For example, if a user doesn't have access to a bindle it cannot see either the invoice or any of the parcels.

npmccallum avatar Dec 16 '21 13:12 npmccallum

This is definitely something we've thought through (see the Authorizable and Authorizer traits), but we haven't implemented this yet. I do have an initial design written up in a HackMD somewhere. Let me grab the relevant info and open up a new issue with it

thomastaylor312 avatar Jan 19 '22 19:01 thomastaylor312

Just created #275 with that information

thomastaylor312 avatar Jan 19 '22 19:01 thomastaylor312