kcp
Investigation: system component authentication + authorization plan
We do not want all system components (shards, virtual workspace apiserver, syncers, proxy, ...) to each have admin access. Hence, we have to work out a plan for how to allow them to see what they have to see, but not access any other data.
Background: today ComponentShard references a secret with admin credentials. That's not a good idea, as it lacks a concept of identity of the consumer of that secret.
Topics/Ideas to think about:
- client certs
- a kcp global CA
- some kind of scoping of clients
- node-authorizer-like authorization