starred/pikvm-pikvm
1
0
Fork 0
mirror of https://github.com/pikvm/pikvm.git synced 2026-03-02 18:16:56 -05:00
Code Issues 133 Projects Packages Wiki Activity

Implement a richer AuthZ model #1099

New issue
Open
opened 2026-02-20 14:11:03 -05:00 by deekerman · 1 comment
deekerman commented 2026-02-20 14:11:03 -05:00
Owner
Copy link

Originally created by @simonarnell on GitHub (Jan 10, 2026).

Originally assigned to: @mdevaev on GitHub.

Is your feature request related to a problem? Please describe.
When using the PiKVM Switch, it would be great to specify which ports of the Switch a given user is authorised to access and what functions they can perform, this latter aspects applies to PiKVM more generally than just with use of the Switch.

Describe the solution you'd like
An OIDC (requiring #161) claims-based model for AuthN, allowing for the offloading of AuthN and user attribute enrichment. Whilst a Policy Decision Point implemented in something like OPA could supply which ports / functions a given identity / group / attribute is authorised to access and the PiKVM API endpoints can serve as the Policy Enforcement Point.

Logging of which identities (un)successfully accessed which ports would be a great further addition.

Describe alternatives you've considered
The ability to specify on a per PiKVM basis, the ACLs for users / groups, specifying which ports and functions they can perform - perhaps using a device local instance of OPA.

Additional context
N/A

Originally created by @simonarnell on GitHub (Jan 10, 2026). Originally assigned to: @mdevaev on GitHub. **Is your feature request related to a problem? Please describe.** When using the PiKVM Switch, it would be great to specify which ports of the Switch a given user is authorised to access and what functions they can perform, this latter aspects applies to PiKVM more generally than just with use of the Switch. **Describe the solution you'd like** An OIDC (requiring #161) claims-based model for AuthN, allowing for the offloading of AuthN and user attribute enrichment. Whilst a Policy Decision Point implemented in something like OPA could supply which ports / functions a given identity / group / attribute is authorised to access and the PiKVM API endpoints can serve as the Policy Enforcement Point. Logging of which identities (un)successfully accessed which ports would be a great further addition. **Describe alternatives you've considered** The ability to specify on a per PiKVM basis, the ACLs for users / groups, specifying which ports and functions they can perform - perhaps using a device local instance of OPA. **Additional context** N/A
deekerman commented 2026-02-20 14:11:04 -05:00
Author
Owner
Copy link

@mdevaev commented on GitHub (Jan 18, 2026):

It's a good idea, but we're busy with other tasks right now. I'll keep it for the future.

@mdevaev commented on GitHub (Jan 18, 2026): It's a good idea, but we're busy with other tasks right now. I'll keep it for the future.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
gh-pages
No results found.
Labels
Clear labels   
component:documentation

   
help wanted

   
resolution:delayed

   
resolution:duplicate

   
resolution:fixed

   
resolution:invalid

   
resolution:rejected

   
resolution:wontfix

   
success story

   
type:bug

   
type:bug

   
type:feature

   
type:question

   
type:question
No labels
component:documentation
help wanted
resolution:delayed
resolution:duplicate
resolution:fixed
resolution:invalid
resolution:rejected
resolution:wontfix
success story
type:bug
type:bug
type:feature
type:question
type:question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/pikvm-pikvm#1099
No description provided.