Project

General

Profile

Actions

Feature #5257

open

Initializing Requester Names via Controller Certs

Added by Adam Thieme over 1 year ago. Updated over 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Start date:
04/04/2023
Due date:
% Done:

0%

Estimated time:

Description

Right now, the parser constructs attribute, stream, and requester name trees based on the names listed in the available-streams file.

If we can pass these names to the parser via the certificates the controller is configured with, a system administrator will not need to manually add these names to the available-streams file. However, a malicious certificate could cause ABE policies to be written for that malicious requester.

If we use the available-streams file, malicious certs that are loaded in the controller do not add requesters to policies.

We should also change the name of this file, regardless of internal changes.

Actions

Also available in: Atom PDF