Feature #2328
Updated by Tom Clegg over 10 years ago
The proposed permissions model for Keep is:

GET and HEAD:
* Keep server expects each read request to come with an API token (in HTTP headers) and a string +Asignature@timestamp (appended to the block hash)
* if the timestamp is in the past, or the signature is invalid, 401.

PUT:
* Keep server expects each write request to come with an API token (in HTTP headers)
* Keep server generates a +Asignature@timestamp string and appends it to the hash in the response after a successful PUT

Reference:
* "Ruby code for generating and verifying signatures":https://arvados.org/projects/arvados/repository/revisions/master/entry/services/api/app/models/blob.rb

Desired command line arguments to control permissions:
* @--enable-permissions=@ _true/false_ to enable or disable permission enforcement
** For transition, maybe support a @--generate-permissions@ flag and a @--enforce-permissions@ flag.
** Alternatively, make Keep always generate permission tokens, but only enforce them when the perms flag is turned on.
** Permissions are always required for DELETE
* @--privileged-ip@ specifies IP addresses to be considered superuser.
** If permissions are disabled, index (@GET /index.txt@) and @DELETE@ do not work unless remote address matches @--privileged-ip@ command line argument

Wording of the model replaced by this update:
* each request must be accompanied by a permissions token
** supported permissions are "read", "write" and "delete"
* if the permissions token does not support the specified operation, the operation is rejected
* the Keep server generates a permissions token each time it writes a block
* the client is responsible for supplying the appropriate permissions token each time it issues a request
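
The signed-hint flow for PUT and GET/HEAD described above, as an added Ruby sketch (not the code in blob.rb and not Keep's own). Assumptions: the module and method names, the HMAC-SHA256 construction, binding the API token into the signature, the hex expiry timestamp, a 32-hex-digit block hash, and the constructed demo key.

```ruby
require 'openssl'

# Added sketch. The HMAC input layout, hex expiry and key are assumptions.
module PermSketch
  SECRET = 'constructed-demo-key' # constructed; a real server loads its key from protected config

  def self.mac(block_hash, api_token, expiry_hex)
    data = [block_hash, api_token, expiry_hex].join('@')
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA256'), SECRET, data)
  end

  # PUT response: append +Asignature@timestamp to the block hash.
  def self.sign(block_hash, api_token, ttl: 3600, now: Time.now.to_i)
    expiry_hex = (now + ttl).to_s(16)
    "#{block_hash}+A#{mac(block_hash, api_token, expiry_hex)}@#{expiry_hex}"
  end

  # GET/HEAD: HTTP status for a read of locator presented with api_token.
  def self.check_read(locator, api_token, now: Time.now.to_i)
    m = /\A(\h{32})\+A(\h+)@(\h+)\z/.match(locator)
    return 401 if m.nil? || api_token.to_s.empty?   # missing hint or token
    block_hash, sig, expiry_hex = m.captures
    return 401 if expiry_hex.to_i(16) < now         # timestamp is in the past
    return 401 unless secure_eq(mac(block_hash, api_token, expiry_hex), sig)
    200
  end

  # Constant-time comparison so a mismatch does not leak how many bytes matched.
  def self.secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

Because the expiry is part of the signed data, a client cannot extend a hint's lifetime by editing the @timestamp suffix: the recomputed signature no longer matches and the read gets a 401.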