Comments (5)
I wonder whether we have or will have an API which can be used to "register" a resource in the KBS? Here "register" means:
- Allocate repository, type and tag for a new resource (as https://github.com/confidential-containers/kbs/blob/main/docs/kbs.yaml#L74)
If so, maybe we can flexibly add new resources as needed for testing and for production.
from kbs.
I think it's still an open question how exactly we should handle client resources. There is a huge range of options. We could do something really simple where every resource is just an opaque blob with an ID. On the other hand we could have the KBS automatically generate certain resources (such as signature policy files) based on which workload is running. I think we probably should have some kind of workload-level abstraction (i.e. a workload ID), but I'm not sure what is optimal. Looking forward to discussing with everyone.
I think a lot of @Xynnn007's issues like confidential-containers/guest-components#50 are somewhat connected to this.
Hi @fitzthum, to deal with this, we've proposed a scheme here: confidential-containers/documentation#85. I think this scheme can fit with the permission control and authentication design for KBS.
This issue could be covered by #25
Now the cc-kbc of AA and KBS can support brokering the resources described in this issue, so this issue can be closed now.
As for how exactly we should handle client resources, we can discuss the improvement in detail in a new issue in the future.