veyron/services/identity/identityd: Pretty rendering of the audit log.
After an OAuth-based login, a page is rendered that shows all the blessings
that have been provided for the email address obtained from that OAuth login.
Thus, we have a web-UI for checking all the blessings the identity provider
has for your (google-based) email address.
(Sample rendering:
https://f56a0ce259097876b8dbe8b112dabd0a9d098944.googledrive.com/host/0B6hSq_BuofMFeXdkMHMxUDZmYTg/blessings.html)
Future plans:
- A "revoke" button in this UI that makes the blessing invalid
(will require adding a revocation caveat to all identities issued
and also maybe a change in how we store this information - since
the audit log will have to be summarized so that revocations
can be associated with blessings)
- An RPC service for obtaining this information (instead of a web-only service
that requires OAuth).
Change-Id: Ic1d36a1550ac706e92bfcdfa852da4fca52d18c4
2 files changed
