Skip to content

doc(0040): trusted client attributes#113

Open
savonarola wants to merge 1 commit into
emqx:mainfrom
savonarola:20260701-trusted-attrs
Open

doc(0040): trusted client attributes#113
savonarola wants to merge 1 commit into
emqx:mainfrom
savonarola:20260701-trusted-attrs

Conversation

@savonarola

@savonarola savonarola commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

This EIP introduces a provenance-aware security context for ClientInfo users.
Instead of treating full runtime ClientInfo as authority-bearing data, post-authentication security-sensitive consumers receive a trusted projection derived only from EMQX-controlled fields, authenticator outputs, and explicitly validated client fields.

@savonarola savonarola force-pushed the 20260701-trusted-attrs branch 4 times, most recently from dd6811a to 0c930f6 Compare July 2, 2026 13:50
@savonarola savonarola marked this pull request as ready for review July 2, 2026 13:50
@savonarola savonarola force-pushed the 20260701-trusted-attrs branch from 0c930f6 to 3593fe2 Compare July 2, 2026 14:09

@zmstone zmstone left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe build

* The trusted attributes are those that come from trusted sources.
* We trust, e.g., listener/zone attributes because they are set by EMQX itself.
* We trust attributes that come from authenticator, like `auth_expire_at`, `acl`, `is_superuser`, any additional attributes set by the authenticator.
* We trust attributes that were validated by the authenticator, e.g. `clientid`, `tns` if clientid-based builtin authentication was used.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you mean by parsing the auth-chain configuration?
for external authenticator, we parse the request templates to find placeholders?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for external authenticators, we of course cannot guess the used templates, so they will need to return trusted attributes (clientinfo mask) explicitly.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this can be easy to support for HTTP authenticator.
but will need to define the contract for other backends

Comment thread active/0040-trusted-client-info.md
@savonarola savonarola changed the title docs(0040): trusted client attributes doc(0040): trusted client attributes Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants