Comments (5)
The idea sounds good to me!
- What should be the final structure of the config file?
An alternative structure with indentation would be:
```toml
[providers]
  [providers."mbed-with-persistence"]
  type = "mbed-userspace"
  persist_keys = true
  key_id_manager = "on-disk-manager"
  converter = "protobuf"

  [providers."mbed-without-persistence"]
  type = "mbed-userspace"
  persist_keys = false
  key_id_manager = "on-disk-manager"
  converter = "protobuf"
```
The names `mbed-with-persistence` are not needed for this file but could be logged somewhere and provide a way to add indentation on this file. I don't know which one is more readable.
In the `listener` section there should probably be a `type` as well in case different listeners are implemented?
- Should we move to generating provider ID dynamically?
I think it could be done in a later change with its specific design for simplicity.
- Do we offer the option of setting the provider ID in the configuration?
As the Key ID Manager uses the Provider ID in the path where it stores the Key ID mappings, a provider needs to have the same ID when the service restarts. For this reason, I guess it is a good idea to explicitly set an ID in the configuration.
- What happens if we have duplicate authenticators? (e.g. two "simple" authenticators with different default app names?)
Forbid having duplicate authenticators?
- Do we allow defaulting of parameters? (e.g. the converter for providers would always be "protobuf", at least for a while)
I am in favor of that.
from parsec.
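The answers in the comment above (explicit provider IDs, no duplicates, a default converter) expressed as a validation pass; this is an added example, not code from Parsec or from the commenter. The types, the error names and the `provider_id` key are hypothetical, and the entries are assumed to be already parsed from the TOML file.

```rust
use std::collections::HashSet;

// Hypothetical types for this example; not Parsec's own configuration structs.
#[derive(Debug, Clone, PartialEq)]
pub struct ProviderEntry {
    pub name: String,              // table key, e.g. "mbed-with-persistence"
    pub provider_id: Option<u8>,   // assumed `provider_id` key; None if omitted
    pub converter: Option<String>, // None falls back to DEFAULT_CONVERTER
}

#[derive(Debug, PartialEq)]
pub enum ConfigError {
    MissingId(String),
    DuplicateId(u8),
}

pub const DEFAULT_CONVERTER: &str = "protobuf";

pub fn entry(name: &str, id: Option<u8>, conv: Option<&str>) -> ProviderEntry {
    ProviderEntry { name: name.into(), provider_id: id, converter: conv.map(String::from) }
}

/// Validates already-parsed entries; returns (id, name, converter) with defaults applied.
pub fn validate(entries: &[ProviderEntry]) -> Result<Vec<(u8, String, String)>, ConfigError> {
    let mut seen = HashSet::new();
    let mut out = Vec::new();
    for e in entries {
        // The ID is part of the key mapping path, so it has to be pinned in
        // the file, not derived from table order, to survive a restart.
        let id = e.provider_id.ok_or_else(|| ConfigError::MissingId(e.name.clone()))?;
        // Two providers with one ID would resolve to the same mapping path.
        if !seen.insert(id) {
            return Err(ConfigError::DuplicateId(id));
        }
        let conv = e.converter.clone().unwrap_or_else(|| DEFAULT_CONVERTER.to_string());
        out.push((id, e.name.clone(), conv));
    }
    Ok(out)
}

fn main() {
    // Constructed sample mirroring the two provider tables in the comment.
    let cfg = [
        entry("mbed-with-persistence", Some(1), None),
        entry("mbed-without-persistence", Some(2), Some("protobuf")),
    ];
    println!("{:?}", validate(&cfg));
}
```

Rejecting the whole file on the first error keeps the service from starting with a provider whose key mappings would land under an unintended path.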
Aside note:
From man page `daemon(7)`, it is said that `systemd` daemons can receive the `SIGHUP` signal to reload their configuration.
I am unsure of the security implications of that but for example, when this signal is received the threads could be joined, the current instances could be dropped and the configurator could be called again. That would be a nice feature 🍸
from parsec.
As per #50 it would be nice to add a logging option in the configuration that contains a binary option to have or not timestamps in the logs. I think by default it should be disabled.
from parsec.
Is there more work to do after #51?
from parsec.
I think the work done so far should cover this issue. If we need to do more things we can raise new issues specific to what other configurables will be added.
from parsec.