Re: [Edgex-tsc] Auth Service


White2, James
 

Drasko,
Per our meeting yesterday, I think the answer is yes this would be of interest. We wholeheartedly accept such contributions for consideration into the upcoming release cycle. If you (Mainflux) or others are willing to build these that would be great.

As a community, we need to make sure any contribution, to include this proposed one, meet the architectural guideposts we have in place (and from our conversation yesterday, I think this one does but defer to the security experts for more affirmative reaction). And we, as a community as of yesterday, haven't set this out as something we need as MVP for California release, but would love to see it if you can make it happen.

As I understand it, I think this would be a good addition to what we talked about for AAA with regard to support of the Basic Auth option. I would encourage you to continue to share through the Security WG via Doug, David and Riaz and others your thoughts, progress and any requests to deviate from our resolutions about California that we made yesterday.

Jim
________________________________________
From: edgex-tsc-bounces@... <edgex-tsc-bounces@...> on behalf of Drasko DRASKOVIC <drasko@...>
Sent: Tuesday, January 16, 2018 11:53 PM
To: edgex-golang@...; edgex-devel@...; edgex-tsc@...; edgex-tsc-security@...; edgex-tsc-core@...; Dejan Mijic; Janko Isidorovic; darko@...; manuel@...; Nikola Marcetic
Subject: [Edgex-tsc] Auth Service

Hi all,
I started writing a small Auth service that would live behind the
proxy and have 3 goals:
1) To create (register) a user (i.e. create a user account in MongoDB)
2) Login user (i.e. issue JWT token upon correct username + password)
3) Expose /auth API call so that all other API calls to other services
can be first redirected first to this service for Auth check

Basically - whole API of the service is here:
https://github.com/drasko/edgex-auth/blob/master/auth/server.go#L21-L27

This service would solve gateway protection on production level
(encrypted user credentials are kept in MongoDB, can be also written
in Vault in later versions), and I guess that first version can be
finished in a couple of days.

Would something like this be of interest?

Best regards,
Drasko DRASKOVIC
Mainflux Author and Technical Advisor

www.mainflux.com | Industrial IoT Cloud
-------------------------------------------------------------------
Engineering Division | Paris, France

LinkedIn: https://www.linkedin.com/in/draskodraskovic
Twitter: @draskodraskovic

_______________________________________________
EdgeX-TSC mailing list
EdgeX-TSC@...
https://lists.edgexfoundry.org/mailman/listinfo/edgex-tsc

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.