A serverless identity, access, accounting, storage and compute management system
(C) Christopher Woods 2018 - Released under the Apache 2 License
pip install acquire
An Access, Accounting, Authorisation (Identity), Storage and Compute Infrastructure for the Cloud
Acquire is a AAAI infrastructure for the cloud. It provides a cloud-neutral platform to cover the following five functions:
Authorisation (Identity) management : Enables users to securely identify themselves and generate secure identity tokens that can be given to other services to authorise actions.
Access management : Enables users to request access to resources. Users identify themselves via the Identity service and pass authorisation tokens to the access service to request access.
Accounting : Enables users to control and track their usage. Users identify themselves to the identity service, request access to resources via the access service, which then checks the accounting service to see if sufficient funds exist to pay for access, and submits an invoice for payment. Once the access has been provided it is receipted and funds transferred. In this way, users have control over their spending, with a full audit trail providing financial and usage accounting for their use of a system.
Storage : Enables users to store and share data. Users create Drives which are located on storage services and can pay up-front for short- and long-term storage of data in those Drives. Access Control Lists allow individual files or Drives to be shared with any user or group identifiable via the Identity service, or via permanent publicly-visible URLs. Files are versioned, and can be moved between "hot" (quick) and "cold" (slow but cheap) storage. This provides a thin-wrapper over the object store capabilities of each cloud.
Compute : Enables users to request access to compute on-demand, e.g. via single instances or elastic clusters such as cluster in the cloud. Compute is paid for up front and is provided via any cloud that runs a Compute Service that accepts payment via the Accounting Service, and runs jobs securely authorised by users identified via the Identity Service. The service is completely elastic, meaning that users only pay up-front for compute they actually use.
Cloud Native and Highly Scalable
Acquire is built as a cloud-native application. It is written as a set of serverless functions which manages state via a central object store.
Serverless: Acquire uses the open source Fn project. This is a container-native serverless platform that can run anywhere -- any cloud or on-premise. It works by packaging up function code into docker containers that are executed on demand based on triggers from http/https end-points.
Object store: Acquire uses a thin abstraction around common object stores to read and write all data. This provides global access to data with high security (all object store data is encrypted in transport, and encrypted at rest with rotating keys).
The combination of these two technologies allows Acquire to be highly scalable. There are no "idle servers", as compute is consumed only when Acquire functions are called. As demand increases, more resources are provisioned to automatically scale with the load.
The three services in Acquire build on top of each other, yet are completely separated. Each service is designed to run on its own object store / Fn server, thereby allowing them to be distributed between multiple services in multiple regions (and even between multiple cloud providers). Separation of services increases security, as compromising the accounting service would not have any impact on the identity service (not that compromising any service should be easy!).
Release history Release notifications | RSS feed
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.