Authentication for a multi-cluster workflow » History » Version 1
Tom Clegg, 06/22/2018 09:09 PM
| 1 | 1 | Tom Clegg | h1. Authentication for a multi-cluster workflow |
|---|---|---|---|
| 2 | |||
| 3 | (work in progress) |
||
| 4 | |||
| 5 | Scenarios: |
||
| 6 | |||
| 7 | | user uuid | workflow uuid | cluster running parent workflow | cluster running child container || |
||
| 8 | | uuuuu | uuuuu | uuuuu | uuuuu |degenerate case (no federation)| |
||
| 9 | | uuuuu | wwwww | uuuuu | uuuuu |A| |
||
| 10 | |||
| 11 | h2. A: Proxy "GET workflow" request on behalf of local user |
||
| 12 | |||
| 13 | Cluster uuuuu makes a salted token for cluster wwwww when proxying the client's "GET workflow wwwww-*" request. |
||
| 14 | |||
| 15 | Cluster wwwww calls back to cluster uuuuu to verify the salted token. |