access

package

v0.0.1-alpha Latest Latest Go to latest Published: Mar 30, 2024 License: BSD-3-Clause Imports: 4 Imported by: 8

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/dedis/dela

Documentation ¶

Overview ¶

Package access defines the interfaces for Access Rights Controls.

Documentation Last Review: 08.10.2020

Index ¶

type ContractCredential
- func NewContractCreds(id []byte, contract, command string) ContractCredential
- func (cc ContractCredential) GetID() []byte
- func (cc ContractCredential) GetRule() string
type Credential
type Identity
type Service

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ContractCredential ¶

type ContractCredential struct {
	// contains filtered or unexported fields
}

ContractCredential defines the credential for a contract. It contains the name of the contract and an associated command.

func NewContractCreds ¶

func NewContractCreds(id []byte, contract, command string) ContractCredential

NewContractCreds creates new credential from the associated identifier, the name of the contract and its command.

func (ContractCredential) GetID ¶

func (cc ContractCredential) GetID() []byte

GetID implements access.Credential. It returns the identifier for the credential.

func (ContractCredential) GetRule ¶

func (cc ContractCredential) GetRule() string

GetRule implements access.Credential. It returns the scope of the credential.

type Credential ¶

type Credential interface {
	// GetID returns the identifier of the credential.
	GetID() []byte

	// GetRule returns the rule that is targetted by the credential.
	GetRule() string
}

Credential is an abstraction of an entity that allows one or several identities to access a given scope.

As an example, the identifier is the username of a username/password pair. It defines the component to compare against. Then the password is the list of identities, verified beforehands, that will match, or won't, match to the identifier underlying permissions. The rule defines which scope should be verified so that the permissions can hold multiple of thoses.

-- 0xdeadbeef
   -- "myContract:sayHello"
      -- Alice
      -- Bob
   -- "myContract:sayBye"
      -- Bob

The example above shows two credentials for the contract "myContract" that is allowing two commands "sayHello" and "sayBye". Alice and Bob can say hello, but only Bob is allow to say bye. Alice can prove that she's allowed by providing the credential with the identifier 0xdeadbeef and the rule "myContract:sayHello".

type Identity ¶

type Identity interface {
	serde.Message

	encoding.TextMarshaler

	// Equal returns true when the other object is equal to the identity.
	Equal(other interface{}) bool
}

Identity is an abstraction to uniquely identify a signer.

type Service ¶

type Service interface {
	// Match returns nil if the credentials can be matched to the group of
	// identities.
	Match(store store.Readable, creds Credential, idents ...Identity) error

	// Grant updates the store so that the group of identities will match the
	// credentials.
	Grant(store store.Snapshot, creds Credential, idents ...Identity) error
}

Service is an access control service that can read the storage to find permissions associated to the credentials, or update existing ones.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
darc Package darc implements Distributed Access Rights Controls.	Package darc implements Distributed Access Rights Controls.
json
types Package types implements the darc messages.	Package types implements the darc messages.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL