Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

appnote: Add appnote covering Authorisation #115

Open
wants to merge 2 commits into
base: sammg-authentication-methods
Choose a base branch
from
Open

appnote: Add appnote covering Authorisation #115

wants to merge 2 commits into from

Conversation

samdbmg
Copy link
Member

@samdbmg samdbmg commented Feb 13, 2025

Details

Adds AppNote 0016 proposing approaches to handling authorisation in TAMS, based on the BBC/AWS workshop in Salford in November 2024.

Jira Issue (if relevant)

Jira URL: https://jira.dev.bbc.co.uk/browse/CLOUDFIT-3534

Related PRs

Merge after #113

Submitter PR Checks

(tick as appropriate)

  • PR completes task/fixes bug
  • API version has been incremented if necessary
  • ADR status has been updated, and ADR implementation has been recorded
  • Documentation updated (README, etc.)
  • PR added to Jira Issue (if relevant)
  • Follow-up stories added to Jira

Reviewer PR Checks

(tick as appropriate)

  • PR completes task/fixes bug
  • Design makes sense, and fits with our current code base
  • Code is easy to follow
  • PR size is sensible
  • Commit history is sensible and tidy

Info on PRs

The checks above are guidelines. They don't all have to be ticked, but they should all have been considered.

@samdbmg samdbmg requested a review from a team as a code owner February 13, 2025 09:45
j616
j616 reviewed Feb 13, 2025
View reviewed changes
docs/appnotes/0016-authorisation-in-tams-workflows.md
They allow authorisation decisions to be made by taking a set of policies defined in some domain-specific language, along with the attributes of the user (group membership) and resource (Source/Flow class), and computing whether to allow the request.
This decision process is intended to be run inline for each request, for example at an authenticating proxy placed in front of the API server.

For storing classes, an initial proof-of-concept could be built using Source and Flow tags: for example defining "special" tags such as `authz_class.news = 1` (using one tag per class to enable querying for presence of that tag, which is not possible with e.g. a comma-separated list).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the = 1 here just because the tag needs content?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes: it could equally be = true

@samdbmg samdbmg force-pushed the sammg-add-authorisation-appnote branch from cc16ad9 to bcdf5f3 Compare February 14, 2025 10:39
johnbilt
johnbilt reviewed Mar 4, 2025
View reviewed changes
docs/appnotes/0016-authorisation-in-tams-workflows.md
They allow authorisation decisions to be made by taking a set of policies defined in some domain-specific language, along with the attributes of the user (group membership) and resource (Source/Flow class), and computing whether to allow the request.
This decision process is intended to be run inline for each request, for example at an authenticating proxy placed in front of the API server.

For storing classes, an initial proof-of-concept could be built using Source and Flow tags: for example defining "special" tags such as `authz_class.news = 1` (using one tag per class to enable querying for presence of that tag, which is not possible with e.g. a comma-separated list).
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm concerned that using separate tags for a PoC is not representative of what we're actually do with a single field holding an array. Need to balance whether we need in a PoC to be able to query content by permission (makes sense longer term with the final API field) v providing something more representative to the permissions layer.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe this approach was taken due to limitations of https://aws.amazon.com/verified-permissions/ and https://github.com/Permify/permify , as per line 85. I shall double check this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@j616 j616 j616 left review comments

@johnbilt johnbilt johnbilt left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@samdbmg @j616 @johnbilt