fusillade

Release 0.0.1

Federated User Identity Login & Access Decision Engine

Homepage PyPI Python

Keywords
access-decision-engine, aws-iam
License
MIT
Install
pip install fusillade==0.0.1

Documentation

Fusillade

Fusillade (Federated User Identity Login & Access Decision Engine) is a service and library for managing user authentication and authorization in federated services. Fusillade is built to be simple and to leverage well-known auth protocols and standards toegther with existing global, scalable and supported IaaS APIs.

  • The AuthN functionality in Fusillade consists of a login endpoint that delegates user authentication to any configured OpenID Connect compatible identity providers.
  • The AuthZ part of Fusillade is an ABAC system leveraging the familiar syntax and reliable infrastructure of AWS IAM.

Together, these two subsystems provide an easy API for your application to answer the following questions:

  • How do I instruct the user to log in?
  • Who is the user performing this API request?
  • Is this user authorized to perform action A on resource R?
  • How do I delegate to the user an appropriately restricted ability to access cloud (IaaS) resources directly through IaaS (GCP, AWS) APIs?

To do this, your application should define an access control model consisting of the following:

  • A list of trusted OIDC-compatible identity providers
  • A naming schema for actions (for example, GetWidget, CreateFolder, DeleteAppointment, UpdateDocument)
  • A naming schema for resources in the following format: arn:org-name:service-name:*:*:path/to/resource
  • A default policy assigned to new users, for example: 
    {
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dss:CreateSubscription",
        "dss:UpdateSubscription",
        "dss:DeleteSubscription"
      ],
      "Resource": "arn:hca:dss:*:*:subscriptions/${user_id}/*"
    }
  ]
}

Installing and configuring Fusillade

Using Fusillade as a service

Using Fusillade as a library

Using Fusillade as a proxy

Bundling native cloud credentials

AWS

GCP

Service access control

To use Fusillade, your service must itself be authenticated and authorized. The access control model for this depends on how you're using Fusillade.

Library - Cooperative model

When using Fusillade as a library, your application's AWS IAM role is also your Fusillade access role. The library uses AWS Cloud Directory and AWS IAM using your application's IAM credentials. (TODO: add links for ACD/IAM IAM and show sample policy)

Service - Enforced model

When using Fusillade as a service, your application is itself subject to an IAM policy governing its ability to read and write permissions data. The Fusillade service administrator configures the Fusillade policy governing this in the service configuration.

Links

Bugs

Please report bugs, issues, feature requests, etc. on GitHub.

License

Licensed under the terms of the MIT License.

Travis CI PyPI version PyPI license Read The Docs

Stats

Dependencies
0
Dependent packages
0
Dependent repositories
0
Total releases
1
Latest release
First release
Stars
6
Forks
0
Watchers
31
Contributors
1
Repository size
525 KB
SourceRank
7

Development practices

Source repo 2FA enabled
TEXT!
Package manager 2FA enabled
TEXT!
Is security responsive
TEXT!
Dependencies are managed
TEXT!
Issue-free release available
TEXT!
Succession plan available
TEXT!
Package manager 2FA enabled
TEXT!

The Tidelift Subscription provides access to a continuously curated stream of human-researched and maintainer-verified data on open source packages and their licenses, releases, vulnerabilities, and development practices.

Learn more

Releases

0.0.1

Contributors

Andrey Kislyuk


See all contributors

Something wrong with this page? Make a suggestion

Export .ABOUT file for this package

Last synced: 2021-02-15 18:34:08 UTC

Login to resync this project