This proposal has been approved and the Eclipse Keti project has been created.
Visit the project page for the latest information and development.
Eclipse Keti

Basics
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please log in and add your feedback in the comments section.
Parent Project: 
Eclipse IoT
Background: 

Use cases in the industrial internet often have requirements for access control that are not satisfied by standards that are prevalent in the consumer space. For example, standards like OAuth 2.0 model privileges as flat lists of coarse-grained scopes that are granted for the entire user login session. Newer standards like UMA allow for finer-grained access control but do so in ways that require more client-side complexity. Additionally, neither of these standards defines a common way to write policies or manage privileges.

Meanwhile, in the enterprise space, the XACML standard has slowly gained traction. While XACML is a comprehensive standard, our experience has proved that it is costly to implement and comes with a steep learning curve. Thus, we decided to build a service that offered a simplified and comprehensive Attribute Based Access Control (ABAC) for RESTful APIs.

Scope: 

The Eclipse Keti project provides an access control service that protects RESTful APIs from unauthorized access.

Description: 

Keti is a service that was designed to protect RESTful APIs using Attribute Based Access Control (ABAC).

The solution itself is implemented as a cloud-native RESTful API that adheres to the guiding principles of the twelve factor app. Key characteristics of the service include:

  • Central management of policies and privileges
  • The ability to manage hierarchical privileges (e.g. sub-groups) and scoped privileges (e.g. assigning elevated privileges based on the resource accessed)
  • A policy format tailored for developers who build RESTful APIs
  • An access control decision engine
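
To make hierarchical and scoped privileges concrete, the following added Python sketch shows a small decision engine in which a subject inherits group attributes, one of them only when the accessed resource carries a matching attribute. It is not Keti's code, API or policy format; every name, attribute and policy in it is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """Subject, group or resource in a constructed privilege graph."""
    attrs: set = field(default_factory=set)
    # (parent_id, scope): scope is a set of resource attributes that must all
    # be present on the accessed resource for the link to apply; None = always.
    parents: list = field(default_factory=list)

def resolve(graph, node_id, resource_attrs, seen=None):
    """Own attributes plus those inherited through applicable parent links."""
    seen = set() if seen is None else seen
    if node_id in seen:  # cycle guard
        return set()
    seen.add(node_id)
    out = set(graph[node_id].attrs)
    for parent_id, scope in graph[node_id].parents:
        if scope is None or scope <= resource_attrs:
            out |= resolve(graph, parent_id, resource_attrs, seen)
    return out

def decide(graph, policies, subject, action, resource):
    """First applicable policy wins; no match means DENY."""
    res = resolve(graph, resource, set())
    sub = resolve(graph, subject, res)
    for p in policies:
        if action in p["actions"] and p["condition"](sub, res):
            return p["effect"]
    return "DENY"

# Constructed sample data (hypothetical identifiers).
GRAPH = {
    "group:operators": Node({("role", "operator")}),
    "group:admins": Node({("role", "admin")}),
    "user:alice": Node(set(), [("group:operators", None),
                               ("group:admins", {("site", "plant-a")})]),
    "site:plant-a": Node({("site", "plant-a")}),
    "site:plant-b": Node({("site", "plant-b")}),
    "/turbines/7": Node({("type", "turbine")}, [("site:plant-a", None)]),
    "/turbines/9": Node({("type", "turbine")}, [("site:plant-b", None)]),
}
POLICIES = [
    {"effect": "PERMIT", "actions": {"GET"},
     "condition": lambda s, r: ("role", "operator") in s},
    {"effect": "PERMIT", "actions": {"PUT", "DELETE"},
     "condition": lambda s, r: ("role", "admin") in s and ("type", "turbine") in r},
]
```

With this data, `user:alice` may `PUT` `/turbines/7` but not `/turbines/9`, because her admin link is scoped to resources that inherit the `plant-a` site attribute.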

Spring Boot is the primary framework that Keti is built on. Additionally, Keti uses the following open source libraries:

  • Titan DB, an implementation of Apache TinkerPop, for its graph data structure
  • Jedis as a Redis client for caching
  • Spring Security to protect its API
  • Spring Data JPA for persistence to RDBMS

An operator deploys Keti in the same datacenter where the web services it protects are deployed. Either a common gateway, or the web service itself, sends requests for authorized access to Keti and enforces the decision received in the response. When deployed, Keti typically has the following service dependencies.

  • UAA as an OAuth server
  • Redis (optional) for decision caching
  • Cassandra through Titan DB for graph persistence
  • PostgreSQL or H2 as an RDBMS

Below is a basic diagram of how Keti fits in the interaction between web application and web service.

Why Here?: 

The context of this work and the resources that it will protect are related to IoT use cases. Eclipse has a nexus of IoT-related projects, and companies that support them, and the Keti project fits well with them.

Licenses: 
Apache License, Version 2.0
Eclipse Distribution License 1.0 (BSD)
Project Scheduling: 

The initial contribution, which will include working builds, will happen shortly after acceptance.

Future Work: 
  • Support for managing multiple policy sets
  • Support for generic OAuth servers
  • Support for Basic authentication
  • Connectors for merging attributes from LDAP and SQL stores
People
Project Leads: 
Sanjeev Chopra
Committers: 
Matias Altman
Sanjeev Chopra
Siva Balan
Vineet Banga
Navyatha Bondugula
Sanjeev Chopra
Irina Epshteyn
Rupinder Guron
Brittany Johnson
Ilya Lipkind
Bhuvaneswari Ramkumar
Bharath Sekar
Henry Zhao
Mentors: 
Julien Vermillard
Interested Parties: 

Bosch Software Innovations GmbH

Source Code
Initial Contribution: 

We will provide a full initial release of the code. We own the copyright, and a number of companies have expressed an interest in joining the effort. We have performed scans on the code and can list all dependencies.

Source Repository Type: 
GitHub
Source Repositories: 
https://github.com/predix/acs/

Comments

IoT or Runtime?

Submitted by Julien Vermillard on Thu, 2016-09-22 12:00

Hi,

Looks great! Just a question: why limit it to IoT and not put it in "runtime"? Because after taking a look at the code the scope looks broader than connected objects (a bit like jetty, which is a runtime project).


Submitted by Kai Hudalla on Tue, 2016-09-27 04:54

I agree with Julien, this seems to have a much broader applicability than just IoT :-)

Kai


Interested Party

Submitted by Kai Hudalla on Tue, 2016-09-27 04:55

Please add Bosch Software Innovations GmbH as an interested party.

Thanks,

Kai

Tags

Technology Types
  • IoT and Edge
  • Runtime
Build Technologies
  • Jenkins
