Authentication and Authorization #955
Replies: 2 comments
-
Hi @Francesko90, thank you for sharing your thoughts on this! For authentication and authorization of YataiService (the model management and deployment automation component in BentoML), one challenge is that BentoML client code talks to YataiService via gRPC. Although Nginx supports proxying gRPC requests now, I'm not sure if it has out-of-the-box support for JWT authentication. For most users, I'd suggest going with a company VPN to protect YataiService, for an easier setup. Note that authentication using an SSL certificate is already supported; here's an example deployment of Yatai behind Nginx and how to configure the BentoML client certificate: https://docs.bentoml.org/en/latest/guides/yatai_service.html

On a side note, for advanced use cases where a user management system and authorization are required, the BentoML team is building a commercial product, BentoML for teams, which covers all those aspects. We make it part of the commercial product because different companies often have very different strategies and requirements when it comes to security, and this usually leads to teams demanding heavy support and customization. Making it an option for paying customers makes more sense for both sides at the moment: the BentoML team has revenue to keep building the software for the community, and customers get good support and security compliance guarantees. The commercial product is still in a very early development stage, let me know if you are interested in beta testing it!
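A minimal Nginx server block for the setup this reply describes (gRPC proxied to YataiService, clients authenticated by TLS certificate), added here as an illustration and not taken from the BentoML docs or from the comment's author. The server name, file paths, private CA and the upstream address `127.0.0.1:50051` are assumptions.

```nginx
# Added example: names, paths and the upstream port are assumptions.
server {
    listen 443 ssl http2;                 # gRPC needs HTTP/2
    server_name yatai.example.internal;   # placeholder host name

    # Server identity presented to BentoML clients.
    ssl_certificate     /etc/nginx/tls/yatai-server.crt;
    ssl_certificate_key /etc/nginx/tls/yatai-server.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Client authentication: requests without a certificate issued by
    # this private CA are rejected by Nginx before they reach Yatai.
    # "optional" or "optional_no_ca" here would pass unauthenticated
    # requests through to the location block.
    ssl_client_certificate /etc/nginx/tls/team-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    location / {
        # YataiService should listen only on loopback (or a firewalled
        # address); otherwise clients can reach it without the proxy.
        grpc_pass grpc://127.0.0.1:50051;
    }
}
```

This gives authentication only: every holder of a certificate from the CA gets the same access, so per-team authorization still needs a separate mechanism.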
-
Thank you @parano, I didn't account for gRPC, so I don't know if my architecture can work in this case.

Thanks for the opportunity to test the beta of the commercial product, I will let you know; for now I have the constraint of using open-source projects.
-
Hi,
I was thinking of a way to add Authentication and Authorization to BentoML, maybe using a proxy (Nginx with LDAP support) in front of a Yatai service.
I think that a flow, as shown in the following figure, could work for authentication:
Authentication can be satisfied using a simple proxy in front of Yatai, but for authorization it's necessary to add a modification to the model name (I swear), like Docker Hub and GitHub.
In this case the proxy needs to filter requests only for artifacts and models created by the team.
I'm new and I don't know much about BentoML; maybe I'm missing other use cases that don't permit this logic.