MFA: Change from permission to a new concept requirement #132

Merged
merged 8 commits into from
Sep 26, 2024

@mickenordin mickenordin commented Sep 13, 2024

A requirement is a restriction on a resource, an anti permission if you
will. Currently two types exist, `mfa-enforced` and `none`.

Requirements are required to be set on a resource, so that an
implementor can check requirements without having to check if the
attribute is set in the request beforehand.

Please note that the token endpoint removed in the first commit is a duplicate, so it is still in the spec :)
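
One way a receiving implementation could enforce this, as an added example that is not code from this pull request or from the specification: because the attribute is always set, its absence is treated as a malformed resource rather than as "no restriction", and unknown requirement types fail closed. The list-valued `requirements` field, the `Session` class and its `mfa_verified` flag are assumptions made for illustration; only the names `mfa-enforced` and `none` come from the description above.

```python
from dataclasses import dataclass

# The two requirement types named in the PR description.
KNOWN_REQUIREMENTS = {"none", "mfa-enforced"}


class RequirementError(ValueError):
    """The resource's requirements are missing, malformed or not understood."""


@dataclass
class Session:
    # Hypothetical view of the authenticated user; mfa_verified is an assumed flag
    # set by the login flow once a second factor has been checked.
    user: str
    mfa_verified: bool = False


def unmet_requirements(resource: dict, session: Session) -> list:
    """Return the requirements the session fails; an empty list means access may proceed."""
    # The attribute is mandatory, so its absence is a malformed resource,
    # never an implicit "no restriction".
    if "requirements" not in resource:
        raise RequirementError("resource carries no requirements attribute")
    reqs = resource["requirements"]
    if not isinstance(reqs, list) or not reqs:
        raise RequirementError("requirements must be a non-empty list")
    # Fail closed on types this implementation does not know how to enforce.
    unknown = [r for r in reqs if not isinstance(r, str) or r not in KNOWN_REQUIREMENTS]
    if unknown:
        raise RequirementError(f"unsupported requirement(s): {unknown}")
    if "none" in reqs and len(set(reqs)) > 1:
        raise RequirementError("'none' cannot be combined with other requirements")
    unmet = []
    if "mfa-enforced" in reqs and not session.mfa_verified:
        unmet.append("mfa-enforced")
    return unmet


if __name__ == "__main__":
    # Constructed sample resources, not taken from the specification.
    shares = [
        {"name": "public-notes", "requirements": ["none"]},
        {"name": "payroll", "requirements": ["mfa-enforced"]},
    ]
    for who in (Session("alice"), Session("bob", mfa_verified=True)):
        for share in shares:
            print(who.user, share["name"], unmet_requirements(share, who) or "ok")
```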

@glpatcern glpatcern left a comment

Nice, just a couple of comments, as well as a more general question: I'd introduce a signed requirement as well, as mentioned yesterday. After all it does not cost much - requirements are optional - but given that signatures are ALSO optional for backwards compatibility, there's a way to enforce them if needed.

@michielbdejong michielbdejong left a comment

LGTM

michielbdejong added a commit that referenced this pull request Sep 16, 2024
michielbdejong added a commit that referenced this pull request Sep 16, 2024
@michielbdejong

@mickenordin can you have a look at the comments and merge this?

mickenordin commented Sep 26, 2024

> Nice, just a couple of comments, as well as a more general question: I'd introduce a signed requirement as well, as mentioned yesterday. After all it does not cost much - requirements are optional - but given that signatures are ALSO optional for backwards compatibility, there's a way to enforce them if needed.

I would prefer if we add the signed requirement in a separate PR; it is not clear to me if a requirement must be accompanied by a capability. We can discuss that in the next meeting.

@mickenordin mickenordin merged commit f8d5384 into develop Sep 26, 2024
@mickenordin mickenordin deleted the kano-requirements branch September 26, 2024 15:40
@glpatcern

> I would prefer if we add the signed requirement in a separate pr, it is not clear to me if a requirement must be accompanied by a capability. We can discuss that in the next meeting.

All right, and yes I believe it must - as for the mfa!
