Skip to content

Commit

Permalink
minor wording
Browse files Browse the repository at this point in the history
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
  • Loading branch information
zhaohuabing committed May 1, 2024
1 parent a0cc42c commit 4f2ad71
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions site/content/en/contributions/design/wasm-extension.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,13 +37,13 @@ will be configurable.

**Authn & Authz:**
* To prevent unauthorized proxies from accessing the Wasm modules, the communication between the Envoy and EG will be
secured using mutual TLS.
* To prevent unauthorized users from accessing the Wasm modules, the user who creates the EEP must have the appropriate
permissions to access the OCI registry. For example, if two users create EEPs in different namespaces (ns1, ns2) accessing
the same OCI image, each must also create a unique secret with registry credentials (secret1 for user1 in ns1, secret2 for user2 in ns2).
EG will validate the provided secret against the OCI registry before serving the Wasm module to the target HTTPRoute/Gateway of that EEP.
* To prevent unauthorized users from accessing the Wasm modules, the download URL will be appended with a generated secret
suffix that can be validated by the EG.
secured using mutual TLS.
* To prevent unauthorized access to the Wasm modules, the user who creates the EEP must have the appropriate permissions
to access the OCI registry. For example, if two users create EEPs in different namespaces (ns1, ns2) accessing the same
OCI image, each must also create a unique secret with registry credentials (secret1 for user1 in ns1, secret2 for user2 in ns2).
EG will validate the provided secret against the OCI registry before serving the Wasm module to the target HTTPRoute/Gateway of that EEP.
* To prevent unauthorized access to the Wasm modules, the download URL will be appended with a generated secret suffix
that can be validated by the EG.

## Alternative Considered

Expand Down

0 comments on commit 4f2ad71

Please sign in to comment.