Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Design IMP exec verification steps #46

Open
grondo opened this issue Feb 2, 2018 · 0 comments
Open

Design IMP exec verification steps #46

grondo opened this issue Feb 2, 2018 · 0 comments
Assignees
@grondo
Milestone
IMP-exec-subcommand

Comments

@grondo
Copy link
Contributor

grondo commented Feb 2, 2018

Verification of IMP input for the exec subcommand is largely detailed in RFC 15. The privileged part of the IMP, after receiving input in struct kv format, will need to determine validity and integrity of the signed input from from the guest user as well as the validity of the "owner" (real UID executing the IMP) to request resources described in the input, and whether or not they have been granted authorization to run the guest's job (or whether they are allowed to run the IMP at all).

Some mechanisms used here may be described in existing issues here, e.g. verification of public cert (#43) and the basic verification APIs. This issue is for design and implementation of the high-level verification steps within the privileged part of the IMP.
@grondo grondo added this to the IMP-exec-subcommand milestone Feb 2, 2018
@grondo grondo self-assigned this Feb 13, 2018
@SteVwonder SteVwonder mentioned this issue Jul 10, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@grondo grondo

Labels
None yet
Projects
None yet
Milestone
IMP-exec-subcommand
Development

No branches or pull requests
1 participant
@grondo