Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthN,Z between DCP components #99

Closed
rhiananthony opened this issue Jul 31, 2018 · 1 comment
Closed

AuthN,Z between DCP components #99

rhiananthony opened this issue Jul 31, 2018 · 1 comment
Assignees
@stahiri
Labels
DevSecOps Tickets that require DCP DevSecOps Epic
Milestone
Q3 2019 Milestone 2

Comments

@rhiananthony
Copy link
Contributor

rhiananthony commented Jul 31, 2018
edited by kbergin
Loading

As the Data Coordination Platform, we want to be protected, to protect each of our services from each other, and to protect the human subjects data we have. This requires authn and authz on our endpoints and on any access routes.

All components in a secure and federally compliant system need to have four main features: authentication #73 , authorization (also #101 ), audit trails #103 , and encryption #102 in other tickets. Even if hosting public data, a system containing Federal Government data still needs to have these features for all of the administrative and operational components to maintain integrity. This has the added benefit of enabling reuse of components in more settings than the HCA. Even though the first use of the DCP Blue Box (HCA) is an open data store, we need to add authentication to components of the DCP. Some of these will be operations-facing, those that are user-facing will be configurable so that they can be turned off during HCA DCP deployment.

This can be implemented/is already in a more manual way. But implementing it by framework would be great to have in the future
@rhiananthony rhiananthony added DevSecOps Tickets that require DCP DevSecOps Product labels Jul 31, 2018
This was referenced Jul 31, 2018
Closed
Open
Closed
@kbergin kbergin added the Epic label Aug 8, 2018
@kbergin kbergin removed the Product label Nov 27, 2018
@kozbo kozbo removed the CBeta label Jan 29, 2019
@sampierson sampierson mentioned this issue Feb 26, 2019
Closed
@sampierson sampierson changed the title Operations AuthZ by framework AuthZ between DCP components Feb 26, 2019
@sampierson sampierson changed the title AuthZ between DCP components AuthN,Z between DCP components Feb 27, 2019
@stahiri stahiri added this to the Q3 2019 Milestone 1 milestone Jul 18, 2019
@Bento007
Copy link
Member

Bento007 commented Aug 8, 2019

This is complete. The remaining work is in #101

@Bento007 Bento007 closed this as completed Aug 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stahiri stahiri

Labels
DevSecOps Tickets that require DCP DevSecOps Epic
Projects
None yet
Milestone
Q3 2019 Milestone 2
Development

No branches or pull requests
8 participants
@sampierson @Bento007 @brianraymor @rhiananthony @kbergin @kozbo @theathorn @stahiri