Created Design: multiuser (markdown)

Nick O'Leary
2014-08-24 14:49:30 -07:00
parent d346decc45
commit 4c8c4aa144

19
Design:-multiuser.md Normal file

@@ -0,0 +1,19 @@
Node-red is currently a userless system. Anyone can point their browser at the runtime and edit the active flows.
When we talk about multiuser/multitenancy, there are a number of things that could mean.
* An editor that can be logged into by multiple users
* A runtime that runs the flows of multiple users
There are no immediate plans to change the runtime to support multiple, isolated flows. This item is focussed on what changes are needed in the editor and api to support multiple users.
An alternative runtime could be conceived that serves the editor and forwards individual user requests to individual runtime instances.
This must also consider how to seamlessly migrate from being userless to having a default user.
---
Need to investigate choices for authentication mechanism between a client and the runtime. It might not just be the editor; should be possible to secure http nodes using the same mechanism.
Is OAuth 2.0 - Resource Owner Password Credentials Grant (RFC 6749, Section 4.3) - a good starting point?
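Review bot: The last line proposes the Resource Owner Password Credentials Grant without recording what that choice implies. Under RFC 6749 Section 4.3 the client (here the editor) collects the user's password itself and exchanges it for an access token, which the RFC recommends only where the user highly trusts the client, and the token endpoint has to be served over TLS. Suggest adding a line that states those assumptions, along with the questions the grant leaves open for this design: token lifetime and revocation, and whether a token issued for the editor and api should also be accepted by http nodes or needs a separate scope. The migration line ("seamlessly migrate from being userless to having a default user") should also say whether the default user leaves an existing install editable by anyone who can point a browser at the runtime, as the first paragraph describes today.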