Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/m-lab/access

Libraries and services for access control to the M-Lab platform
https://github.com/m-lab/access

Last synced: about 1 month ago
JSON representation

Libraries and services for access control to the M-Lab platform

Host: GitHub
URL: https://github.com/m-lab/access
Owner: m-lab
License: apache-2.0
Created: 2020-03-10T16:24:17.000Z (almost 5 years ago)
Default Branch: main
Last Pushed: 2024-08-20T20:14:42.000Z (4 months ago)
Last Synced: 2024-10-29T16:04:34.293Z (about 2 months ago)
Language: Go
Size: 131 KB
Stars: 1
Watchers: 12
Forks: 1
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Access Control

[![godoc](https://godoc.org/github.com/m-lab/access?status.svg)](https://godoc.org/github.com/m-lab/access)
[![go report card](https://goreportcard.com/badge/github.com/m-lab/access)](https://goreportcard.com/report/github.com/m-lab/access)

Libraries and services for access control on the M-Lab platform.

## Create JSON Web Keys

The `m-lab/access` package support JWK keys generated by `jwk-keygen`.

Create a signing key pair:

```sh
go get gopkg.in/square/go-jose.v2/jwk-keygen
~/bin/jwk-keygen --use=sig --alg=EdDSA --kid=1
```

## Access Envelope Service

For new services, we want to balance access to the platform with protecting
platform integrity and measurement quality.

Until a service supports access control natively, the ["access envelope"
service](cmd/envelope/README.md) accepts access tokens, validates them, and
upon acceptance, adds an iptables rule granting the client IP time to run a
measurement before removing the rule again after a timeout.