Skip to content

Latest commit

 

History

History
27 lines (18 loc) · 988 Bytes

README.md

File metadata and controls

27 lines (18 loc) · 988 Bytes

Access Control

godoc go report card

Libraries and services for access control on the M-Lab platform.

Create JSON Web Keys

The m-lab/access package support JWK keys generated by jwk-keygen.

Create a signing key pair:

go get gopkg.in/square/go-jose.v2/jwk-keygen
~/bin/jwk-keygen --use=sig --alg=EdDSA --kid=1

Access Envelope Service

For new services, we want to balance access to the platform with protecting platform integrity and measurement quality.

Until a service supports access control natively, the "access envelope" service accepts access tokens, validates them, and upon acceptance, adds an iptables rule granting the client IP time to run a measurement before removing the rule again after a timeout.