
Add authorization to execute a service/instance

Open antho1404 opened this issue 5 years ago • 5 comments

We should have some control over who can execute a task of a service.

There are 2 reasons for that:

  • A developer can deploy a service with a specific environment (like an API key) without setting a price for the task and so lets anyone use the service (because the runner is public).
  • We may want to restrict the use of the service to a list of users only.

We could add a whitelist/blacklist of addresses on the service or the task to fix this.

antho1404 avatar Jan 07 '20 05:01 antho1404

This is now done by the orchestrator API: only authorized clients can access the create execution endpoint.

NicolasMahe avatar May 27 '20 10:05 NicolasMahe

This is about execution of the task from anyone (processes included). As a user I can still create a process that uses an instance hash that I found somewhere and use it. We should be able to whitelist executions to anyone or one or multiple sources. Example: only process XX

antho1404 avatar May 27 '20 11:05 antho1404

> This is about execution of the task from anyone (processes included). As a user I can still create a process that uses an instance hash that I found somewhere and use it. We should be able to whitelist executions to anyone or one or multiple sources. Example: only process XX

Executions can be only created by the owner of the runner of the service, or any process. Is it not enough? https://github.com/mesg-foundation/engine/blob/9200c18e8fb67d970bca61a3330cea190b73963e/x/execution/internal/keeper/keeper.go#L104-L106

NicolasMahe avatar May 28 '20 04:05 NicolasMahe

If you are speaking about a full authorization system using encryption or something like this, then I would suggest closing this issue and creating a task on the roadmap. I would like to keep issues on this repository to bugs or features that need to be done in the current sprint.

NicolasMahe avatar May 28 '20 04:05 NicolasMahe

I will explain it with an example:

Let's take 2 users, Alice and Bob of course.

  • Alice develops a service for her personal use.
  • Alice creates a process that uses the instance of the service, which contains her API key in the env. This is safe, but now there is an instance running with this API key.
  • Alice deploys everything and her application works great, youpi.
  • Bob sees Alice's service and knows that it's using an env.
  • Bob looks at the instances created by Alice and gets the hash of the instance used in her process.
  • Bob creates a process that uses Alice's instance.
  • Now Bob is using Alice's service (which was not configured with any price to cover external use).

This is something that should be avoided. Either a process can only run a service created by the same creator as the process, but that destroys the whole purpose of service reusability, or we add whitelist/blacklist addresses so that only those addresses would be able to execute a task on this instance. In that case, only Alice's process would be authorized on the instance and Bob would get an error when trying to use Alice's instance.

Is it clearer with this example?

antho1404 avatar May 28 '20 04:05 antho1404
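The per-instance whitelist/blacklist proposed in this thread, written out as an added example in Go (not the engine's own keeper code; the `Instance` struct, the `Allowed`/`Denied` fields and the `Authorize` function are all hypothetical). The check keeps today's behaviour (any process may execute) when no whitelist is configured, and runs the Alice/Bob scenario from the comment above:

```go
package main

import (
	"errors"
	"fmt"
)

// Address is an account or process address (constructed type for this example).
type Address string

// Instance holds only the fields the authorization check needs (hypothetical struct).
type Instance struct {
	Hash        string
	RunnerOwner Address          // owner of the runner that serves this instance
	Allowed     map[Address]bool // whitelist of sources; empty means "anyone", as today
	Denied      map[Address]bool // blacklist of sources, checked before anything else
}

var ErrUnauthorized = errors.New("execution not authorized on this instance")

// Authorize decides whether `source` (a process or account address) may create
// an execution on inst. Order: blacklist, then runner owner, then whitelist.
func Authorize(inst Instance, source Address) error {
	if inst.Denied[source] {
		return ErrUnauthorized
	}
	if source == inst.RunnerOwner {
		return nil // the runner owner can always execute her own instance
	}
	if len(inst.Allowed) == 0 {
		return nil // no whitelist configured: open to any process (current behaviour)
	}
	if inst.Allowed[source] {
		return nil
	}
	return ErrUnauthorized
}

func main() {
	// Constructed scenario from the thread: Alice whitelists only her own process.
	alice, aliceProc, bobProc := Address("alice"), Address("process-alice"), Address("process-bob")
	inst := Instance{Hash: "instance-with-api-key", RunnerOwner: alice,
		Allowed: map[Address]bool{aliceProc: true}}
	fmt.Println("alice's process:", Authorize(inst, aliceProc)) // <nil>
	fmt.Println("bob's process:  ", Authorize(inst, bobProc))   // execution not authorized on this instance
}
```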