Update Security Model #10148
Update Security Model #10148
Conversation
So they'll be on the same line when rendered on the site.
|
I'm on the other side of the fence on the commas. It looks like there are a lot more commas than there should be. Specifically outside of lists >= 3 elements. |
|
😅 I can totally see what you mean @angrycub. For whatever reason I decided to be consistent with them after realizing I was being inconsistent overall. Both are bad, but also good. |
There was a problem hiding this comment.
@picatz, I made a bunch of suggestions to hopefully help out with the commas. There are a couple of places where I made some content suggestions which you can use or not. Also, I was doing it in the webui, so hopefully I didn't add a content goof in the editing process.
| a client node is unencrypted in the agent's data, and configuration | ||
| directory. |
There was a problem hiding this comment.
This bit got "wat?" really fast...not because of your edits. I'm not 100% sure of the intention here. Perhaps it's to mention that the data directory and configuration are both stored to disk in the clear.
I think this was kind of the point, but it sort of fell apart at the end for me. I'd love to hear your thoughts on it, @picatz .
- Client state contains information about the allocations running on a client.
- The allocation directory, generally a child directory of data_dir but not required to be, can contain logs and files created or read during an allocations lifetime.
- The configuration directory could have elements that should be protected.
There was a problem hiding this comment.
The intention was to highlight that information is stored in the clear on disk on client nodes, but information is encrypted on-the-wire. I think the wording could def be adjusted, just not exactly sure what that wording is yet. 🤔
Maybe:
Client state that contains all information of running allocations is stored in the clear on disk on client nodes. This information is encrypted over-the-wire when communicating with server nodes.
What do you think @angrycub? Maybe it needs to be a bit more verbose?
Going to think a bit more about the other suggestions. Co-authored-by: Charlie Voiselle <[email protected]>
Still need to answer / think about the other questions. Co-authored-by: Charlie Voiselle <[email protected]>
|
|
tgross
added
the
stage/needs-rebase
This PR updates the security model documentation wording, adds official enterprise annotations (
EnterpriseAlert), and includes small markdown formatting fixes.