Conversation

Notices

:abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:00:47 EDT :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy:

now to work on mapping these signatures to virtual capabilities.

things we will need:

- policy hook (to determine what capabilities a signed request may or may not be granted)

- access control of fetches based on possessed capabilities

- modification of elixir plugs to handle the actual capability mapping (and structured in a way where it can work with bearcap invocations later)

In conversation Thursday, 18-Jul-2019 10:00:47 EDT from pleroma.site permalink
1. :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:18:19 EDT :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy:
  in reply to
  
  basic plan:
  
  - new plug: MappedSignatureToIdentityPlug. maps the valid signature to the identity of the signature based on it's KeyID.
  
  - new plug: MappedIdentityToCapabilityPlug. maps the valid identity or null identity to a bounded set of capabilities according to the configured policy hooks. default policy grants access to anyone, like MRF.
  
  - control access based on mapped capabilities (effectively noop by default policy since it's accept-all)
  
  - rework non federation traffic to also leverage mapped capabilities
  
  In conversation Thursday, 18-Jul-2019 10:18:19 EDT from pleroma.site permalink
  1. :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:20:39 EDT :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy:
    in reply to
    
    the path to adopting bearcaps then becomes:
    
    - wait for bearcap spec to come out
    
    - adapt bearcaps to internal capabilities using a plug to map the bearcap to identity + capability set
    
    - implement bearcap negotiation strategy
    
    - get other implementations to switch to bearcaps
    
    - eventually stop using signatures altogether
    
    In conversation Thursday, 18-Jul-2019 10:20:39 EDT from pleroma.site permalink
    1. :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy: (kaniini@pleroma.site)'s status on Thursday, 18-Jul-2019 10:29:12 EDT :abunhdhappyhop: :abunhdhappy: :abunhdhop: :abunhd: :abunhdhappyhop: :abunhdhappy:
      in reply to
      
      my intention is for Pleroma to take a secure-by-default stance. this is congruent with our historical security posture.
      
      it will be possible to disable capability enforcement and such, but that won't be the default, for good reason.
      
      In conversation Thursday, 18-Jul-2019 10:29:12 EDT from pleroma.site permalink

Public

Notices