GATEKEEPER (CLIENT REQUEST ACCESS CONTROL)
- Implement actual user principal retrieval, validation and authentication.
  Given the credentials presented by the client:
    Bearer token (authentication):
    - Validate the token (well-formed Authorization header, format/expiry) before
      any datastore lookup.
    - Resolve the token to an active principal in the datastore; reject unknown
      or deactivated principals.
    - Attach the principal to the session for later use by middleware.
    CSRF token (request-forgery protection, bound to the authenticated principal):
    - Validate the presented CSRF token against the last token issued to the
      principal, using a constant-time comparison.
    - Generate a new CSRF token.
    - Attach the new CSRF token to the response headers.
      Caveat: rotating on every request invalidates any request from the same
      client that is still in flight (parallel tabs/XHRs), so the client has to
      serialise requests or tolerate a retry.
- Implement per-principal rate limiting (keyed on the resolved principal, not
  on the client address, so it can only be applied after authentication).
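The gatekeeper steps above, carried through as an added example. This is not the project's code: `Principal`, `Datastore`, `Gatekeeper`, the `X-CSRF-Token` header name, the SHA-256 storage of bearer tokens and the sliding-window rate limiter are all assumptions made here to show the order of checks (bearer, then rate limit keyed on the principal, then CSRF compare and rotate).

```python
"""Added example, not the project's code. Assumed names: Principal, Datastore,
Gatekeeper, X-CSRF-Token. The datastore is an in-memory stand-in."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CSRF_HEADER = "X-CSRF-Token"          # assumed header name
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class AccessDenied(Exception):
    """Raised for any failed check; the caller maps it to 401/403/429."""


@dataclass
class Principal:
    user_id: str
    active: bool = True
    csrf_token: str = ""              # last CSRF token issued to this principal


class Datastore:
    """Constructed in-memory stand-in for the real datastore. Bearer tokens are
    stored only as SHA-256 digests, so a leaked table yields no usable tokens."""

    def __init__(self):
        self._principals = {}
        self._digest_to_uid = {}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def add(self, principal, bearer_token):
        self._principals[principal.user_id] = principal
        self._digest_to_uid[self._digest(bearer_token)] = principal.user_id

    def resolve_bearer(self, bearer_token):
        uid = self._digest_to_uid.get(self._digest(bearer_token))
        return self._principals.get(uid)


class Gatekeeper:
    def __init__(self, store, limit=60, window=60.0, clock=time.monotonic):
        self.store = store
        self.limit = limit            # requests allowed per principal per window
        self.window = window          # window length in seconds
        self.clock = clock            # injectable so tests can move time
        self._hits = {}               # user_id -> timestamps of recent requests

    def _check_rate(self, user_id):
        now = self.clock()
        recent = [t for t in self._hits.get(user_id, ()) if now - t < self.window]
        if len(recent) >= self.limit:
            raise AccessDenied("rate limit exceeded")
        recent.append(now)
        self._hits[user_id] = recent

    def handle(self, headers, method, session, response_headers):
        # 1. Bearer token: require a well-formed header, then resolve it.
        scheme, _, token = headers.get("Authorization", "").partition(" ")
        if scheme != "Bearer" or not token:
            raise AccessDenied("missing or malformed bearer token")
        principal = self.store.resolve_bearer(token)
        if principal is None or not principal.active:
            raise AccessDenied("unknown or inactive principal")
        session["principal"] = principal

        # 2. Per-principal rate limit, keyed on the resolved identity.
        self._check_rate(principal.user_id)

        # 3. CSRF: state-changing methods must present the last issued token.
        #    compare_digest keeps the comparison constant-time.
        if method.upper() not in SAFE_METHODS:
            presented = headers.get(CSRF_HEADER, "")
            if not principal.csrf_token or not hmac.compare_digest(
                    presented.encode(), principal.csrf_token.encode()):
                raise AccessDenied("missing or stale CSRF token")

        # 4. Rotate: a failed check above leaves the old token valid; a passed
        #    check issues a fresh one and returns it in the response headers.
        principal.csrf_token = secrets.token_urlsafe(32)
        response_headers[CSRF_HEADER] = principal.csrf_token
        return principal
```

Safe methods skip the CSRF check but still receive a rotated token, which is how a client obtains its first token after authenticating; a replayed token fails once the principal's stored token has moved on.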
FEDERATED SERVICES FRAMEWORK
- Framework for dynamic service registration. (DONE)
  - The framework should not require services to be configured before startup.
    Instead, services should be able to register one or more endpoints after the
    federator has started.
- API node registration request and client service request tracking via UUID
  - Generate a UUID for every request at the federator; do not adopt a
    client-supplied request ID.
  - When logging request events, include the UUID to aid monitoring and
    troubleshooting.
  - Pass the UUID to proxied API nodes via an HTTP header so federator and node
    logs can be correlated.
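Both items above (runtime endpoint registration and UUID request tracking) in one added example. This is not the project's code: `ServiceRegistry`, `Federator`, the `X-Request-ID` header name and the prefix-based routing are assumptions made here; the `send` callable stands in for whatever HTTP client the federator uses to reach an API node.

```python
"""Added example, not the project's code. Assumed names: ServiceRegistry,
Federator, X-Request-ID. `send(node_url, path, headers)` is a stand-in for
the real upstream HTTP call and is supplied by the caller."""
import json
import uuid

REQUEST_ID_HEADER = "X-Request-ID"   # assumed header name
HOP_BY_HOP = {"connection", "keep-alive", "transfer-encoding", "te", "trailer",
              "upgrade", "proxy-authorization", "proxy-authenticate"}


class ServiceRegistry:
    """Endpoints are registered by path prefix at any time after startup;
    nothing has to be known when the federator boots."""

    def __init__(self):
        self._routes = {}            # normalised prefix -> node base URL

    def register(self, prefix, node_url):
        if not prefix.startswith("/") or not node_url.startswith(("http://", "https://")):
            raise ValueError("bad registration")
        self._routes[prefix.rstrip("/") or "/"] = node_url.rstrip("/")

    def resolve(self, path):
        # Longest matching prefix wins, so "/users/admin" beats "/users" beats "/".
        for prefix in sorted(self._routes, key=len, reverse=True):
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                return prefix, self._routes[prefix]
        return None


class Federator:
    def __init__(self, registry, send):
        self.registry = registry
        self.send = send             # callable(node_url, path, headers) -> dict
        self.log = []                # constructed sink; real code writes JSON lines

    def _log(self, request_id, event, **fields):
        record = {"request_id": request_id, "event": event, **fields}
        self.log.append(json.dumps(record, sort_keys=True))

    def handle(self, path, client_headers):
        # The federator mints the UUID. A client-supplied X-Request-ID is
        # dropped: accepting it would let a client forge or collide log IDs.
        request_id = str(uuid.uuid4())
        self._log(request_id, "request.received", path=path)

        route = self.registry.resolve(path)
        if route is None:
            self._log(request_id, "request.unrouted")
            return {"status": 404, REQUEST_ID_HEADER: request_id}
        _prefix, node_url = route

        # Forward end-to-end headers only; strip hop-by-hop and any inbound
        # request-ID header, then stamp our own UUID for node-side logging.
        upstream_headers = {
            k: v for k, v in client_headers.items()
            if k.lower() not in HOP_BY_HOP and k.lower() != REQUEST_ID_HEADER.lower()
        }
        upstream_headers[REQUEST_ID_HEADER] = request_id
        self._log(request_id, "request.proxied", node=node_url)

        response = self.send(node_url, path, upstream_headers)
        self._log(request_id, "response.received", status=response["status"])
        # Echo the UUID to the client so a support ticket can quote it.
        response[REQUEST_ID_HEADER] = request_id
        return response
```

Every log line the federator emits for one client request carries the same `request_id`, and the node receives it in `X-Request-ID`, so a node log keyed on that header lines up with the federator's entries.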