Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set the user's identity as the confidentiality tag in invocation channels for HTTP and gRPC server nodes #1428

Closed
rbehjati opened this issue Sep 3, 2020 · 3 comments
Closed

Set the user's identity as the confidentiality tag in invocation channels for HTTP and gRPC server nodes #1428

rbehjati opened this issue Sep 3, 2020 · 3 comments
Assignees
@rbehjati
Labels
IFC Information Flow Control related issues P0
Milestone
IFC v0

Comments

@rbehjati
Copy link
Contributor

rbehjati commented Sep 3, 2020
edited
Loading

Each incoming gRPC/HTTP invocation is represented by a message containing two Channel handles: a "request receiver" and a "response sender".

Currently the "response sender" gets the public_untrusted label. However, as explained in the docs, it should have a confidentiality component that is set based on the identity of the user. This is needed to avoid any accidental data leaks.
This was referenced Sep 3, 2020
Merged
Closed
@tiziano88 tiziano88 added the P0 label Sep 18, 2020
This was referenced Oct 14, 2020
Merged
Closed
@rbehjati rbehjati mentioned this issue Oct 21, 2020
Closed
6 tasks
@rbehjati rbehjati mentioned this issue Nov 2, 2020
Merged
@conradgrobler conradgrobler added this to the IFC v0 milestone Nov 3, 2020
@tiziano88
Copy link
Collaborator

@rbehjati I believe your changes already fix this, so assigning to you, but let me know if that's not the case.

@rbehjati
Copy link
Contributor Author

rbehjati commented Nov 3, 2020

Yes. But partially. I'll update the description here, and can create a separate issue to track setting the user identity as the integrity label. Do we have a top-level issue for integrity labels?

@rbehjati rbehjati changed the title Set correct invocation channel labels for HTTP and gRPC server nodes based on user identity Set the user's identity as the confidentiality tag in invocation channels for HTTP and gRPC server nodes Nov 18, 2020
@tiziano88 tiziano88 added the IFC Information Flow Control related issues label Nov 26, 2020
@rbehjati rbehjati mentioned this issue Feb 1, 2021
Closed
@rbehjati
Copy link
Contributor Author

rbehjati commented Feb 3, 2021

Closing this now, but the work on identity-related integrity labels is going to be part of IFC v1, and #1715.

@rbehjati rbehjati closed this as completed Feb 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rbehjati rbehjati

Labels
IFC Information Flow Control related issues P0
Projects
None yet
Milestone
IFC v0
Development

No branches or pull requests
3 participants
@tiziano88 @rbehjati @conradgrobler