Identifying CF Resources
Christopher Brown <cbrown@...>
The Permissions component ("Perm") we're building to store and evaluate roles for Cloud Foundry needs to be able to identify resources across component boundaries so that it knows which policies to apply for any given permission check. AWS does this using their ARN scheme.
I'd like to work out if something like this would be the correct approach for Perm. We'd like to find something which can identify resources across foundations and encode the object hierarchy into the resource identifier. For example, an application inside PWS could be identified by:
pws:cc:application/[org guid]/[space guid]/[app guid]
I don't want to get too into the weeds of the exact format yet, but if you:
then I'd be interested in talking with you about this requirement and what the solution could look like.
All the best,
CF Permissions PM