API authentication
Brad Bishop
bradleyb at fuzziesquirrel.com
Thu Mar 21 00:18:59 AEDT 2019
On Mon, Mar 18, 2019 at 09:58:33AM -0500, Joseph Reynolds wrote:
>On 2019-03-18 05:35, Brad Bishop wrote:
>>I am looking for ideas on how to implement a mechanism to restrict access to
>>specific methods of a service/API (e.g. Redfish).
>>
>>This would be orthogonal to role-based authorization - e.g. the authorization
>>would be provided by someone other than the system administrator - e.g. the
>>system manufacturer.
>
>Is this a followup to the March 4 OpenBMC Community call?
>https://github.com/openbmc/openbmc/wiki/Weekly-Community-Telecon
>
>My understanding is that we would design and code the BMC with
>functions for things like manufacturing test and specialized
>diagnostics ... functions which could harm the device, etc. So we
>want the functions to be present for manufacturing test and service
>calls, but locked out for all other users. Is that what this
>mechanism is for?

I hadn't thought of mfg mode commands as a use case for this, but on the
surface it does seem to be a match.