Who do I contact to get access? Thanks.

did speedle support rbac3？

speedle-pms --help provided attribute prefix. for auditlog-reportcaller wrongly uses prefix Log config. It should be Audit Log config to be consistent with other attributes.

  --auditlog-reportcaller string       Log config: if the caller(file, line and function) is included in the log entry. (default "false")

design and implement PEP API for Python. The API will help Python programmers to enforce authorization check in their applications.

Seems the keyword "role" is treated as role name in below scenario. It is a bug.

spctl create rolepolicy -c "grant user wcai role admin if b =c" --service-name=sjSXI7xvE6uRtohxQWDiVSK9v8zPpXxHL
rolepolicy created
{"id":"4c2tsjz4s2kae3getn2j","name":"","effect":"grant","roles":["role"],"principals":["user:wcai"],"metadata":{"createtime":"2019-04-09T11:38:08Z"}}

src/github.com/oracle/speedle/setTestEnv.sh: connect: Connection refused
dev/src/github.com/oracle/speedle/setTestEnv.sh: line 80: /dev/tcp/localhost/6733: Connection refused

Does the script spin up the sever or not?
If not, can you enhance the script to do so?

Currently, we do nothing when users try to shut down services such as PMS, ADS. We need to handle a signal SIGQUIT and shut down services gracefully.

https://github.com/oracle/speedle/blob/master/samples/integration/istio-integration/Makefile , line#11 pulls the older version of Istio for installing Speedle. .

We should remove the flags '--single-branch --branch release-1.0' to get the latest Istio version.

So far it's B - Not Bad!

https://goreportcard.com/report/github.com/oracle/speedle

We need some effort to get better rating.

Add playground to Speedle website.

Integrate Speedle into Sprint security framework.

https://spring.io/guides/topicals/spring-security-architecture

currently, we don't have performance data. We need to add benchmark test cases for Evaluator.IsAllowed().

Currently, Golang 1.10 is recommended, and Golang 1.12 has a built-in package management tool module.

We may need to use this instead of the 3rd party management tool dep to follow the official behavior.

To use this tool, we need to use Golang 1.12 for building and testing.

Enrich built-in function/attribute set

design and implement PEP API for NodeJS. The API will help NodeJS programmers to enforce authorization check in their applications.

Please ignore it, this is the first issue.

https://blog.speedle.io

The 'token assertor' link points to https://speedle.io/support/docs/assertor. It should be pointing to https://speedle.io/docs/assertor/. The broken link is seen in the last QA page on the https://speedle.io/support/ page.

design and implement PEP API for PHP. The API will help PHP programmers to enforce authorization check in their applications.

> spctl create policy -c "grant user user1 get,del res1" --service-name=sbqoJ3xoe0Xj4vHe3fOVEeL-SgRj0mg0X
policy created
{"id":"2l5i5cjttxdfxf7aqu2w","name":"","effect":"grant","permissions":[{"resource":"res1","actions":["get","del"]}],"principals":[["user:user1"]],"metadata":{"createtime":"2019-04-09T13:23:36Z"}}
> spctl create policy -c "grant user user1 get,del res1" --service-name=sbqoJ3xoe0Xj4vHe3fOVEeL-SgRj0mg0X
policy created
{"id":"keg3dzc6f6dlv3mhpuc7","name":"","effect":"grant","permissions":[{"resource":"res1","actions":["get","del"]}],"principals":[["user:user1"]],"metadata":{"createtime":"2019-04-09T13:23:38Z"}}

We should order principals/resources/permissions and compare the policies (ignore name and metadata), if they are the same, return an error.