RFC: Stateful Resource Policy #541
Comments
|
Is this aiming to handle "resource after public key" logic? |
|
I'm not sure exactly what you're referring to, but this could be used for a bunch of things like making sure that a guest requests something from a plugin (could be a public key) before it gets resources. You could also make sure that a certain set of resources is only accessed by a single guest at a time using some differentiating info in the init-data. In theory it can capture whatever logic your workload has. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Maybe we should add an option for stateful resource policies.
This would allow users to write policies that did things like releasing a secret N times or only releasing secret A after secret B has been released or never releasing secret B if secret A has been released.
There are some drawbacks to this. For one, we would probably have to have some kind of synchronization mechanism, which would likely slow down policy execution. As such, I think this would need to be an optional feature. Even so, it could be very powerful in certain cases.
The text was updated successfully, but these errors were encountered: