Enable multiple authenticators to work simultaneously #271

Open
@hug-dev

Currently only one authenticator is allowed to work in Parsec.
The reason is that the OnDiskKeyInfoManager stores the KeyTriple to KeyInfo mappings as a directory structure:

    /// mappings_dir_path/
    /// |---app1/
    /// |   |---provider1/
    /// |   |   |---key1
    /// |   |   |---key2
    /// |   |   |   ...
    /// |   |   |---keyP
    /// |   |---provider2/
    /// |   |   ...
    /// |   |---providerM/
    /// |---app2/
    /// |   ...
    /// |---appN/

If we were to add one more layer for AuthType, and then transform the KeyTriple into a KeyFourtuple, old mappings will not be compatible with new ones directly.

This task is about making the necessary changes in Parsec for it to work with multiple authenticators securely. There are changes needed:

  • in the ManageKeyInfo trait and the key_info_managers modules
  • in the Provide trait and implementations to support passing, along with the ApplicationName, the AuthType as well

One thing that could also be done is to implement a new KeyInfo Manager that supports multiple authenticators and that supports it from the start! That way the restriction will only apply to the old OnDiskKeyInfoManager.
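
Added example, not part of the original issue and not Parsec's own code: a sketch of the three-level layout above next to an assumed four-level layout with an authenticator layer, showing why the extra layer is needed for isolation and why old mappings need an explicit authenticator when read back. The types, the function names, the `auth_a`/`auth_b` labels and the `legacy_auth` parameter are hypothetical.

```rust
use std::path::{Path, PathBuf};

// Hypothetical stand-ins, not Parsec's types. Names are assumed to be
// already encoded so they are safe to use as single path components.
#[derive(Debug, Clone, PartialEq)]
struct KeyTriple { app: String, provider: String, key: String }

#[derive(Debug, Clone, PartialEq)]
struct KeyFourtuple { auth: String, triple: KeyTriple }

/// Layout from the issue: mappings_dir/app/provider/key
fn triple_path(root: &Path, t: &KeyTriple) -> PathBuf {
    root.join(&t.app).join(&t.provider).join(&t.key)
}

/// Assumed layout with the extra layer: mappings_dir/auth/app/provider/key
fn fourtuple_path(root: &Path, f: &KeyFourtuple) -> PathBuf {
    triple_path(&root.join(&f.auth), &f.triple)
}

/// Read a mapping path relative to mappings_dir. A three-component path is
/// an old mapping with no recorded authenticator, so the caller must say
/// which one it belonged to (`legacy_auth`); four components carry their own.
fn parse_mapping(rel: &Path, legacy_auth: &str) -> Option<KeyFourtuple> {
    let parts: Vec<String> = rel.iter().map(|c| c.to_string_lossy().into_owned()).collect();
    let (auth, rest) = match parts.len() {
        3 => (legacy_auth.to_string(), &parts[..]),
        4 => (parts[0].clone(), &parts[1..]),
        _ => return None,
    };
    Some(KeyFourtuple {
        auth,
        triple: KeyTriple { app: rest[0].clone(), provider: rest[1].clone(), key: rest[2].clone() },
    })
}

fn main() {
    let root = Path::new("mappings");
    // Constructed case: two authenticators both report the application name "1000".
    let t = KeyTriple { app: "1000".into(), provider: "provider1".into(), key: "key1".into() };
    let a = KeyFourtuple { auth: "auth_a".into(), triple: t.clone() };
    let b = KeyFourtuple { auth: "auth_b".into(), triple: t.clone() };
    // Triple layout: both clients resolve to the same file.
    println!("{}", triple_path(root, &t).display());
    // Four-component layout: one file per authenticator.
    println!("{}", fourtuple_path(root, &a).display());
    println!("{}", fourtuple_path(root, &b).display());
    println!("{:?}", parse_mapping(Path::new("1000/provider1/key1"), "auth_a"));
}
```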

Labels: largeEffort, multitenancy (Getting Parsec to provide isolated key stores for multiple clients based on an identity mechanism)