Security Dashboard
From wiki.gpii
Security pages
- Security and Privacy
- GPII OAuth 2 Guide
- Vulnerability Assessment
- Infrastructure Assessment - Application and infrastructure scanning
- Audit logging Strategy
- GPII Security Plan
- Preferences Server Security
- Security Gateway
- Architecture Ideas, Sketches, and Meeting Notes
- Prosperity4All Security Infrastructure
- UI Options Security Scenarios
- CouchDB Designs for Saving and Retrieving Security Data
- APCP Security Documentation
- Other pages relating to security can be found in the category Security and Privacy.
Designs
- Options Panel - GPII Integration UI
- PMT Signin/Login and Account Management
- Privacy Settings with preferences selection
- Privacy Settings without preferences selection
- Discovery Tool - Save a Preference Set and Receive a Token
- PCP and PMT
GPII Deployment Structures
Protect the communication between the local flow manager and the cloud based flow manager
- Initial Research on Protecting communication between Local Flow Manager and Cloud Based Flow Manager
- Continued Researches on Possible Approaches for Protecting Communication btw LFM and CBFM
- Workflows to Request and Manage Client Credentials
- Designs of Using a Dedicated Process to Protect the Client Secret Assigned to GPII Local Installation
New GPII Data Model
Capture Tool APIs
GPII Account Setup APIs
Presentations
- GPII Security Presentation @ APCP Advisory Committee Meeting, Jun 2017
- GPII Security Presentation November 2015
OAuth 2.0 Resources
- RFC 6749 The OAuth 2.0 Authorization Framework
- RFC 6819 OAuth 2.0 Threat Model and Security Considerations
- "OAuth 2 Simplified" article by Aaron Parecki
- GitHub OAuth2 API documentation
Notes and Older Documents
Meetings
- August 18th, 2014 Security Technical Call http://piratepad.net/DsKsRle4XF
- September 8th, 2014 Security Technical Call http://lists.gpii.net/pipermail/architecture/2014-September/002707.html
- October 6th, 2014 Security Technical Call http://piratepad.net/0RmS3vsmgt
- October 13th, 2014 Security Technical Call http://piratepad.net/c4a-security-13-10-2014
- October 14th, 2014 Security Technical Call http://piratepad.net/u2GJv2HqDt
- October 20th, 2014 Security Technical Call http://piratepad.net/c4a-security-20-10-2014
- October 24th, 2014 Meeting with Antranig, Michelle, and Simon http://piratepad.net/SbqR5PCRQU
- October 27th, 2014 Security Technical Call http://piratepad.net/c4a-security-27-10-2014
- November 3rd, 2014 Security Technical Call http://piratepad.net/c4a-security-03-11-2014
- November 6th, 2014 Meeting with Dana, Colin, and Simon http://piratepad.net/FXEU25cW8a
- November 12th, 2014 Meeting with Colin, Antranig, and Simon http://piratepad.net/3fHrF4T3JD
- November 17th, 2014 Security Technical Call http://piratepad.net/c4a-security-17-11-2014
- November 24th, 2014 Security Technical Call http://piratepad.net/c4a-security-24-11-2014
- November 27th, 2014 Meetings with Colin, Kasper, Antranig, and Simon http://piratepad.net/I8uyfSu3UF
- December 4th, 2014 Meeting with Antranig and Simon http://piratepad.net/pkxgwQSUYV
- December 15th, 2014 Security Technical Call http://piratepad.net/zWEZZkEOJu
- December 19th, 2014 Privacy Settings Meeting http://piratepad.net/4VzCh1u02R
- January 5th, 2015 Security Technical Call http://piratepad.net/3THu1Jc4ht
- January 12th, 2015 Security Technical Call http://piratepad.net/WfaVdfWZw5
- January 26th, 2015 Security Technical Call http://piratepad.net/CSA7ikTEXJ
- February 2nd, 2015 Security Technical Call http://piratepad.net/YpFndtIiwy
- February 25th, 2015 Security meeting 2015-02-25
- March 3rd, 2015 Security meeting 2015-03-03
- March 16th, 2015 Security Technical Call http://piratepad.net/glp0XpI6il
- March 23rd, 2015 Security Technical Call http://piratepad.net/1oCRTByGRx
- April 8th, 2015 Security meeting 2015-04-08
- April 13th, 2015 Security meeting 2015-04-13
- May 12th, 2015 Security meeting 2015-05-12
- June 22nd, 2015 Security meeting 2015-06-22
- June 29th, 2015 Security meeting 2015-06-29
- July 22nd, 2015 Security meeting 2015-07-22
- July 29th, 2015 Architecture meeting
- September 1, 2015 UIO Security integration meeting 2015-09-01
- September 8, 2015 UIO and First Discovery Tool integration 2015-09-08
- September 14, 2015 CouchDB security persistence 2015-09-14
- September 15, 2015 UIO and First Discovery Tool integration 2015-09-15
- October 13, 2015 UIO Preference Storage 2015-10-13
- October 23, 2015 Hybrid Flow Manager Integration 2015-10-23
- January 15, 2016 Integrating with the GPII Preferences Server 2016-01-15
- January 18 - February 8, 2016 Continuous talks on integrating with GPII preferences server 2016-01-16, 2016-01-19, 2016-02-08
- March 3, 2016 APCP Security meeting 2016-03-03
- March 9, 2016 APCP Security meeting 2016-03-09
- March 15, 2016 APCP Security meeting 2016-03-15
- March 16, 2016 Next Steps for APCP Security 2016-03-16
- March 22, 2016 APCP Security meeting 2016-03-22
- March 29, 2016 APCP Security meeting 2016-03-29
- April 12, 2016 APCP Security meeting 2016-04-12
- April 14, 2016 APCP Security meeting 2016-04-14
- Oct 25, 2016 & Oct 31, 2016 Identity and Access Management meeting 2016-10-25 & 2016-10-31
- Nov 3, 2016 IAM requirements 2016-11-3
- Nov 17, 2016 GPII Security Next Steps 2016-11-17
- Nov 23, 2016 How to protect the preferences server 2016-11-23
- Nov 28, 2016 Review GPII authorization workflow diagrams 2016-11-28
- December 8, 2016 Washington DC face to face, Protect the communication between the local flow manager and the cloud based flow manager(1) 2016-12-08
- January 4, 2017 Protect the communication between the local flow manager and the cloud based flow manager(2) 2016-12-08
- February 16, 2017 Protect the communication between the local flow manager and the cloud based flow manager(3) 2017-02-16
- April 12, 2017 Protect the communication between LFM and CBFM: More discussion on securing the communication between a windows service and its child process - line 121 onwards
- May 8 - 12, 2017 Toronto Face to Face Hackathon
- May 8, 2017 Protect the communication between LFM and CBFM: review and discuss the design of using dedicated process to protect the client credential
- May 23, 2017 Protect the communication between LFM and CBFM: Review and discuss UX workflows and the implementations to start
- June 20, 2017 Update the status of GPII security work with Greg
- July 2017 The discussion of auth database document structures
- August 1, 2017 Discussion with UX team on the workflows to request and manage client credentials
- September 11, 2017 Discuss with UX team on questions for "Keys & KeyToken - Their Role and Use" document
- September 15, 2017 Create a to-do list based on "Keys & KeyToken - Their Role and Use" document
- Nov 2017 Remaining work for supporting PSP