Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable multiple authenticators to work simultaneously #271

Open
hug-dev opened this issue Oct 14, 2020 · 1 comment
Open

Enable multiple authenticators to work simultaneously #271

hug-dev opened this issue Oct 14, 2020 · 1 comment
Labels
large Effort label multitenancy Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism

Comments

@hug-dev
Copy link
Member

hug-dev commented Oct 14, 2020

Currently only one authenticator is allowed to work in Parsec.
The reason is that the OnDiskKeyInfoManager stores the KeyTriple to KeyInfo mappings as a directory structure:

    /// mappings_dir_path/
    /// |---app1/
    /// |   |---provider1/
    /// |   |   |---key1
    /// |   |   |---key2
    /// |   |   |   ...
    /// |   |   |---keyP
    /// |   |---provider2/
    /// |   |   ...
    /// |   |---providerM/
    /// |---app2/
    /// |   ...
    /// |---appN/

If we were to add one more layer for AuthType, and then transform the KeyTriple into a KeyFourtuple, old mappings will not be compatible with new ones directly.

That task is about making the necessary changes in Parsec for it to work with multiple authenticators securely. There are changes needed:

  • in the ManageKeyInfo trait and the key_info_managers modules
  • in the Provide trait and implementations to support passing, along the ApplicationName, the AuthType as well

One thing that could also be done is implement a new KeyInfo Manager that supports multiple authenticators and that supports it from start! That way the restriction will only apply to the old OnDiskKeyInfoManager.
@hug-dev hug-dev added the multitenancy Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism label Oct 14, 2020
@hug-dev hug-dev mentioned this issue Oct 14, 2020
Closed
@hug-dev hug-dev mentioned this issue Jan 6, 2021
Closed
@hug-dev
Copy link
Member Author

hug-dev commented Feb 3, 2021

To be looked at in parallaxsecond/parsec-book#83

@ionut-arm ionut-arm added the large Effort label label Feb 3, 2021
@hug-dev hug-dev mentioned this issue Mar 31, 2021
Closed
@hug-dev hug-dev mentioned this issue Apr 14, 2021
Closed
@MattDavis00 MattDavis00 mentioned this issue Jul 16, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
large Effort label multitenancy Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hug-dev @ionut-arm