Idea #2755

Updated by Tom Clegg almost 10 years ago

h3. Phase 1 

 * Collections.create() - verify permission signatures in provided manifest_text. Strip them -- and all other +whatever hints except one size hint -- before verifying @uuid==hash(manifest_text)@ and storing manifest_text in database. 
 ** Pass signature verification step (until Phase 4) if a blob locator is missing the permission signature entirely. 
 * Collections.get() - return a manifest_text with a +A... permission signature added to each blob locator. 

 (Phase 1 can be deployed any time now.) 

 h3. Phase 2 

 
 * Python SDK, when writing a collection, 
 ** Stop throwing away the +A signatures that (might) emanate from the keep servers during Keep.put(). 
 ** In arv-put, include the +A signatures in the manifest_text when sending to server. 
 ** In arv-put, compute collection uuid based on a version of manifest_text with the +A signatures (and all other +anything other than +size) stripped off. 
 ** For good form, when doing collections.create() in arv-put, ensure the UUID returned by API server matches the one you sent. 
 * Python SDK, when reading a blob, 
 ** Set "Authorization: OAuth2 $ARVADOS_API_TOKEN" header in HTTP requests to Keep servers. 

 (Phase 2 package can be published any time now.) 
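
Added example, not from the Arvados code base: the normalization that Phases 1 and 2 both depend on, stripping every +hint except one size hint before hashing, with the Phase 1 "missing signature passes" exemption as a switch that Phase 4 turns off. The manifest line layout, MD5 standing in for @hash()@, the @verify_sig@ callback and the sample values are assumptions.

```python
import hashlib
import re

# Assumed locator shape: 32 hex digits followed by zero or more "+hint" fields.
LOCATOR = re.compile(r"^[0-9a-f]{32}(\+\S+)*$")

def strip_locator(locator, verify_sig=None, require_sig=False):
    """Reduce a blob locator to '<hash>+<size>', checking +A hints first."""
    blob_hash, *hints = locator.split("+")
    sigs = [h for h in hints if h.startswith("A")]
    if sigs:
        # verify_sig is a hypothetical callback: (blob_hash, hint) -> bool
        if verify_sig and not all(verify_sig(blob_hash, s) for s in sigs):
            raise PermissionError("bad permission signature on " + blob_hash)
    elif require_sig:
        # Phase 4 behaviour: the "no signature provided" exemption is removed.
        raise PermissionError("missing permission signature on " + blob_hash)
    sizes = [h for h in hints if h.isdigit()]
    return "+".join([blob_hash] + sizes[:1])  # keep exactly one size hint

def normalize_manifest(manifest_text, **checks):
    """Strip hints from every locator; stream names and file tokens are kept."""
    lines = []
    for line in manifest_text.split("\n"):
        stream, *rest = line.split(" ")  # first token is the stream name
        rest = [strip_locator(t, **checks) if LOCATOR.match(t) else t
                for t in rest]
        lines.append(" ".join([stream] + rest))
    return "\n".join(lines)

def collection_uuid(manifest_text, hash_fn=hashlib.md5):
    """Client side (arv-put): hash the stripped manifest. hash_fn is assumed."""
    return hash_fn(normalize_manifest(manifest_text).encode()).hexdigest()

def check_create(uuid, manifest_text, verify_sig, require_sig=False):
    """Server side: verify signatures, strip, then require uuid == hash."""
    stored = normalize_manifest(manifest_text, verify_sig=verify_sig,
                                require_sig=require_sig)
    if hashlib.md5(stored.encode()).hexdigest() != uuid:
        raise ValueError("uuid does not match hash of stripped manifest_text")
    return stored  # this is the text that goes into the database

# Constructed sample: one signed locator with an extra made-up +K hint.
SIGNED = ". acbd18db4cc2f85cedef654fccc4a4d8+3+Aconstructed@5f5e1000+Kxyz 0:3:foo.txt\n"

if __name__ == "__main__":
    uuid = collection_uuid(SIGNED)
    print(uuid, repr(check_create(uuid, SIGNED, lambda h, s: True)))
```

Because both sides hash the stripped text, the uuid the client sends stays stable whether or not the Keep servers issued signatures, which is what lets old and new clients coexist through Phase 3.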

 h3. Phase 3 

 * Deploy Keep server with signature _generation_ feature enabled. 
 * Test old and new Python clients. 

 h3. Phase 4 

 *Upgrade all Python SDKs/clients first. Then:* 

 * Remove "no signature provided" exemption from API server. 
 * Enable signature _verification_ on keep servers. 
