README
¶
Access Control
Libraries and services for access control on the M-Lab platform.
Create JSON Web Keys
The m-lab/access package support JWK keys generated by jwk-keygen.
Create a signing key pair:
go get gopkg.in/square/go-jose.v2/jwk-keygen
~/bin/jwk-keygen --use=sig --alg=EdDSA --kid=1
Access Envelope Service
For new services, we want to balance access to the platform with protecting platform integrity and measurement quality.
Until a service supports access control natively, the "access envelope" service accepts access tokens, validates them, and upon acceptance, adds an iptables rule granting the client IP time to run a measurement before removing the rule again after a timeout.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package address supports managing access for a small pool of IP subnets using iptables.
|
Package address supports managing access for a small pool of IP subnets using iptables. |
|
cmd
|
|
|
Package controller provides various access controllers for use in socket-based and HTTP-based services.
|
Package controller provides various access controllers for use in socket-based and HTTP-based services. |
|
Package token provides support for parsing JSON Web Keys (JWK), creating signed JSON Web Tokens (JWT), and verifying JWT signatures.
|
Package token provides support for parsing JSON Web Keys (JWK), creating signed JSON Web Tokens (JWT), and verifying JWT signatures. |
Click to show internal directories.
Click to hide internal directories.