Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Model and Considerations #144

Open
snnsnn opened this issue Oct 10, 2022 · 0 comments
Open

Security Model and Considerations #144

snnsnn opened this issue Oct 10, 2022 · 0 comments

Comments

@snnsnn
Copy link

snnsnn commented Oct 10, 2022

Hi,

Lunatic seems like a very promising project and I was wondering if you have any security model in place?

Actor to actor calls may not pose a serious security threat but actors using capabilities without explicit permissions certainly does and takes away some of the security guarantees provided by using webassembly modules.

Is there a way to enforce signed artifacts (wasm modules and capability providers)?

I have been following wasmcloud for quite some time, which is also based on actor model, employs zero trust model, uses webassembly modules for its workload and share certain goals and ambitions with lunatic.

Wasmcloud has been around for about four years and it has very well thought out security model. The project uses RFC process and documents its architectural decisions on a journal which can be accessed at https://wasmcloud.github.io/adr/.

Initial project was based on actix but moved to OTP due to some drawbacks originating from actix. Since issues are not migrated, the old github repo also has previous discussions and some unimplemented RFCs.

Since they have similar goals and ambitions, maybe you can benefit from their discussions and design decisions.

Regards

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant