Comments (4)
jialez0
commented on August 16, 2024
1
Currently the attestation server is tightly couple with Open Policy Agent (OPA). It would be useful to make it modular and enable usage of alternative policy engines like kyverno.
@bpradipt It will be easy to realize the modularization of the policy engine (only need to do some additional encapsulation for the policy verification part), but we may need to redesign the message format of AS interacting with the policy engine to make it universal enough to support various policy engines. In the subsequent PR, perhaps we can achieve this.
from kbs.
jialez0
commented on August 16, 2024
@bpradipt Hi, after confidential-containers/attestation-service#24 be merged, I will raise a new PR to pluggable policy engine :)
from kbs.
bpradipt
commented on August 16, 2024
@bpradipt Hi, after confidential-containers/attestation-service#24 be merged, I will raise a new PR to pluggable policy engine :)
awesome @jialez0 :-)
from kbs.
jialez0
commented on August 16, 2024
Hi, @bpradipt , I have raise the PR confidential-containers/attestation-service#25 to solve this issue. Now you can review it.
from kbs.
Related Issues (20)
- KBS: Add a `Delete` method to /resource/{repository}/{type}/{tag} HOT 5
- AS: accessing configuration from verifiers HOT 3
- AS/Verifier: Support quote verification in multi-thread in tdx under high concurrent load HOT 1
- Rename Container Image Build Process from gRPC to RESTful
- kbs: Add support for configurable policy
- Using go instead of rust to implement trustee ? HOT 3
- AS: PolicyEngine should differentiate user and internal errors
- AS & RVPS | Proposal for an attestation applied policy format HOT 7
- Extend KBS to provide the resources required to create an encrypted overlay network HOT 13
- Release cadence? HOT 4
- AS: tdx-quote verification unit test fails HOT 5
- Reference values in evidence bundle HOT 6
- ci: IBM s390x image pushing failed
- Dockerfile: optimize the KBS image size
- kbs build warning when no `as` features are enabled
- kubernetes: Support for https key+cert in kustomize deployment
- `zero_repeat_side_effects` with `sgx_quote3_t`
- Add Choi as maintainer HOT 2
- KBS Cluster Start-Up documentation is outdated HOT 2
- Verifier bails instead of automatically fetching certificate from KDS HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kbs.