Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proposal for onvif secret data schema #78

Merged
merged 3 commits into from
Aug 8, 2023
Merged

proposal for onvif secret data schema #78

merged 3 commits into from
Aug 8, 2023

Conversation

johnsonshih
Copy link
Contributor

Propose a schema of secret information in discoveryProperties passed to Onvif DiscoveryHandler

related to project-akri/akri#250

@johnsonshih johnsonshih mentioned this pull request Jul 29, 2023
Merged
8 tasks
@diconico07
Copy link
Contributor

I'd add a way to add some default value to this, the rationale is while a default/unique password kind of defeat the purpose of authentication, it can make sense for device onboarding where they all come with a default factory set password.

I'd also add a device property indicating from where the authentication information comes from (the device property key ? and if it is default credentials), it would allow a workload to know where to find the right credentials.

@johnsonshih
Copy link
Contributor Author

I'd add a way to add some default value to this, the rationale is while a default/unique password kind of defeat the purpose of authentication, it can make sense for device onboarding where they all come with a default factory set password.

I'd also add a device property indicating from where the authentication information comes from (the device property key ? and if it is default credentials), it would allow a workload to know where to find the right credentials.

Add default credential support.
For the exposing hints of credential source, I'm not sure if that is useful, as the broker has the capability to mount Kubernetes Secret directly, brokers can easily get credential by device uuid. I'll defer adding that hint in a separate change after fully investigating the usage of hint.

@diconico07
Copy link
Contributor

I'd add a way to add some default value to this, the rationale is while a default/unique password kind of defeat the purpose of authentication, it can make sense for device onboarding where they all come with a default factory set password.
I'd also add a device property indicating from where the authentication information comes from (the device property key ? and if it is default credentials), it would allow a workload to know where to find the right credentials.

Add default credential support. For the exposing hints of credential source, I'm not sure if that is useful, as the broker has the capability to mount Kubernetes Secret directly, brokers can easily get credential by device uuid. I'll defer adding that hint in a separate change after fully investigating the usage of hint.

The main idea is, with your proposal a broker have to implement the exact same precedence between all sources, adding that property allows a broker to directly use the right source and it may ease debugging as well, as the credential source is shown. I agree that it's mostly a convenience property.

I won't block the proposal for this, it can be added later if we want to.

@johnsonshih johnsonshih merged commit d3c4bb9 into project-akri:main Aug 8, 2023
@johnsonshih johnsonshih deleted the onvif-dh-secret-schema branch August 8, 2023 16:29
@johnsonshih johnsonshih mentioned this pull request Aug 12, 2023
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diconico07 diconico07 diconico07 approved these changes

@kate-goldenring kate-goldenring Awaiting requested review from kate-goldenring kate-goldenring is a code owner

@bfjelds bfjelds Awaiting requested review from bfjelds bfjelds is a code owner

@romoh romoh Awaiting requested review from romoh romoh is a code owner

@jiria jiria Awaiting requested review from jiria jiria is a code owner

@edrickwong edrickwong Awaiting requested review from edrickwong edrickwong is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@johnsonshih @diconico07