Coder Social home page Coder Social logo

idam's Introduction

Idam - Identity and Access Management

Idam is an identity and access management platform designed for homebot.

Design

Authentication

[TODO: outdated]

Like everything in Homebot, each identity has a unique resource name (URN) and can either represent a service or user account. Such an identity can authenticate at the IDAM gRPC server using it's password/secret and optional a time-based one-time-password (TOTP). Once authenticated the IDAM server issues a signed JSON Web Token to the identity containing the identity's URN (subject), a list of groups as well as the JWT standard claims with issuer (the URN of the IDAM server), expire-at and issued-at dates. Whenever the identity interacts with another Homebot service, the JWT should be included in the request (e.g. Authorization header for HTTP and HTTP2/gRPC). Just before the JWT expires, the idenity can request a new JWT token by re-authenticating at the IDAM server (if the token is still valid, password and OTP are not required).

Authorization

In future, a RBAC (Role-based access control) or ABAC (Attribute-based access control) will be implemented. To be designed ...

Cli Design

To be implemented; partly done

# Create a new user with role idam-admin and a group membership of [email protected] and enable 2FA
idamcli create user [email protected]   \
    --group [email protected]          \
    --role idam-admin                   \
    --first-name Admin                  \
    --last-name Istrator                \
    --with-2fa

# Create a new group and add the idam-admin role
idamcli create group [email protected] --role idam-admin

# Create a new custom role
idamcli create role idam-viewer         \
    --permission idam.identity.read
    --permissoin idam.identity.list

# Create a new custom permission
idamcli create permission myservice.weather.view

# Add a permission to a role
idamcli add permission myservice.weather.view role idam-viewer

# Remove a permission from a role
idamcli delete permission myservice.weather.view role idam-viewer

# Add a role to a group
idamcli add role idam-viewer group [email protected]

# Add a role to a user account
idamcli add role idam-admin group [email protected]

idam's People

Watchers

James Cloos avatar avatar

Forkers

ramy-ahmed

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.