APCP Security meeting 2016-03-03

From wiki.gpii
Jump to: navigation, search


  • Adewale
  • Cindy
  • Dipesh
  • Gio
  • Katy
  • Sandra
  • Simon


  • OAuth 2
  • HTTPS termination
  • Next steps

OAuth 2

  • User access to GPII
  • Use of OAuth 2 for access for user/admin roles
  • Defining roles
  • Mechanisms

For Wednesday, next week we will have preference sets and payload snapshots.

Could the Device Reporter expose unintended data to the Cloud Based Flow Manager?

Email with summary of GPII security resources:


Presentation from November 2015:


Next steps

  • HTTPS termination
  • Encryption of storage and in transit
  • oauth2orize and passport
  • For next Wednesday, we will have payloads
  • Determine authentication mechanisms
  • Different levels of privacy levels
  • Access rights and role-based authentication