I think it was clear, yes. Projects like this one seem right in my wheelhouse (if I'd heard of CEL before, anyway) and I definitely appreciate seeing other people do things like this.
Yeah, a big motivation for us was avoiding the need to keep another system up to date. Gatehouse basically sits at the execute policy layer, and we let the application code decide how to unify the data (or not).
Oso local authorization looks like a fantastic solution.
You're spot on - we wanted to support some async graph traversal calls similar to the ReBAC example and therefore made the evaluate_access call async. I also wanted to support short-circuiting such that somewhat expensive IO calls might be skipped by returning early from a policy that didn't need to make that call.
I did put licence = "Apache-2.0" in the Cargo.toml but Partly is okay with it being MIT. Updated the repo to explicitly add the license text now. Thanks for the call out.
It's particularly useful for detecting issues such as inadvertent IaC changes that can have significant consequences on your cluster's network connectivity and security.
Netchecks has:
* An easy-to-use CLI netcheck for running network checks locally.
* A Helm-installable operator for Kubernetes: create "NetworkAssertions" to have netchecks periodically ensure your cluster's network conditions are working as specified.
* Monitoring and alerting: integrate with Prometheus and Alertmanager to monitor your network checks' results and receive alerts for any discrepancies.
* Custom validation rules using CEL expressions, allowing you to specify precise conditions for checks to pass or fail.
Even with partially homomorphic encryption and additional "privacy preserving protocols" you can carry out pretty general computation tasks such as machine learning. Have a look at this blog post using the Paillier cryptosystem for a federated linear regression - https://blog.n1analytics.com/distributed-machine-learning-an...