Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Security #43

Closed
murphysj opened this issue Jan 15, 2014 · 8 comments
Closed

API Security #43

murphysj opened this issue Jan 15, 2014 · 8 comments
Labels
CMIP6 feature request Operations Web

Comments

@murphysj
Copy link

WHO: Mark

Need to secure api with ssl certificate.
@murphysj murphysj added the Web label May 1, 2014
@asladeofgreen
Copy link
Member

IPSL has obtained a server certificate but it's use would entail moving API to an IPSL server - not sure if we really want to do this at this time.

@asladeofgreen asladeofgreen changed the title SSL certificate API Security Mar 24, 2015
@asladeofgreen
Copy link
Member

Need to secure at HTTPS level and also enforce authentication

@SebastienDenvil
Copy link

How to enforce authentication by the end of May? We need a strategy document about that. For py-esdoc client first, then we will extent. If the CIM questionnaire wrap the pyesdoc-client then we win twice.

@asladeofgreen
Copy link
Member

This scenario is very different form the CIM Questionnaire. The focus here is securing the ES-DOC API publishing endpoints. I would suggest simple HTTPS digest authentication with an authenticator at the API which simply performs a whitelist check against a config file.

Thus when institute X wishes to leverage pyesdoc to publish documents the admin workflow is as follows:

  1. Institute X contacts ES-DOC support to request authentication.
  2. ES-DOC supports generate username / password which is added to authentication whitelist config file.
  3. ES-DOC supports sends credentials to institute X in an offline manner (a telephone call will suffice).
  4. Institute X updates local pyesdoc.json config file which is their responsibility to secure.

The above is very simple and will take a day or so to implement on the API side.

@SebastienDenvil
Copy link

Let's have a document describing this. Let's circulate this (es-doc-pi + wip). And then if we all agree and we know who will support that charge (es-doc support) then let's implement.

@murphysj
Copy link
Author

Moving out of any milestone until this is better understood.

@murphysj murphysj removed this from the Release 0.9.4 milestone Mar 25, 2015
@murphysj murphysj added the CMIP6 label Mar 25, 2015
@murphysj
Copy link
Author

murphysj commented Apr 3, 2015

Considered top priority in the Feb 2015 F2F

@allynt allynt mentioned this issue Sep 1, 2016
Open
@allynt
Copy link

allynt commented Sep 1, 2016

This issue was moved to ES-DOC/esdoc-documentation-ws#8

@allynt allynt closed this as completed Sep 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CMIP6 feature request Operations Web
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@asladeofgreen @murphysj @allynt @SebastienDenvil