Security meeting 2015-03-03


Overview

At the meeting: Antranig, Colin, Kasper, and Simon.

We discussed:

  • User accounts, tokens, and anonymous access
  • 3 different client scenarios:
    • confidential clients
    • public clients
    • privileged clients

User accounts, tokens, and anonymous access

A user may use GPII anonymously without identifying themselves to the system. In this scenario, a GPII token is created for the user. Read and write access to preferences is provided through use of this token.

A user may also create a user account on GPII. A user account enables the following:

  • Creation of one or more GPII tokens associated with the account
  • Revocation of GPII tokens
  • Per application privacy settings

Actions requiring authentication with a username and password

  • Creation and revocation of GPII tokens
  • Authorization of application access to preferences
  • Editing of Privacy Settings

Confidential client flow

For confidential clients, such as web applications, we will use the OAuth 2.0 Authorization Code grant type as presented in the GPII OAuth 2 Guide.

Public client flow

We are unable to reliably verify the identity of public clients (clients that are unable to keep a secret).

This means that we cannot offer per-client preferences authorization or filtering using the same means as we can for confidential clients.

We would like to provide some means of per-client authorization for public clients and we discussed the following options:

  • Per-installation secrets (each instance of a public client has its own secret)
  • Group all public clients together and authorize them as a group
  • Generate a new GPII token for each public client and use per-token authorization
  • If the public client is trusted, use the OAuth 2 "Resource Owner Password Credentials" authorization grant type as discussed in the section below for trusted clients
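As an added illustration (not code from GPII or from this meeting), the sketch below models the anonymous token case described above together with the third public-client option, a fresh GPII token minted per public client with per-token authorization and revocation; class and method names, and the preference keys, are assumptions.

```python
from __future__ import annotations
import secrets
from dataclasses import dataclass

@dataclass
class Token:
    # account is None for anonymous use; allowed_prefs is None for an
    # unrestricted token, else the preference keys its holder may touch.
    value: str
    account: str | None = None
    client_id: str | None = None
    allowed_prefs: set[str] | None = None
    revoked: bool = False

class PreferencesServer:
    # Hypothetical store: preferences keyed by account name, or by the
    # token value itself for anonymous users who have no account.
    def __init__(self):
        self.tokens: dict[str, Token] = {}
        self.prefs: dict[str, dict] = {}

    def create_anonymous_token(self) -> Token:
        # Anonymous use: one token, full read/write, no account behind it.
        token = Token(secrets.token_hex(16))
        self.tokens[token.value] = token
        return token

    def create_client_token(self, account, client_id, allowed_prefs) -> Token:
        # Per-token authorization: a new token for one public client, scoped
        # to the preference keys the account holder approved for it.
        token = Token(secrets.token_hex(16), account, client_id, set(allowed_prefs))
        self.tokens[token.value] = token
        return token

    def revoke(self, value: str) -> None:
        self.tokens[value].revoked = True

    def _check(self, value: str) -> Token:
        token = self.tokens.get(value)
        if token is None or token.revoked:
            raise PermissionError("unknown or revoked token")
        return token

    def read_prefs(self, value: str) -> dict:
        token = self._check(value)
        full = self.prefs.get(token.account or token.value, {})
        if token.allowed_prefs is None:
            return dict(full)
        return {k: v for k, v in full.items() if k in token.allowed_prefs}

    def write_prefs(self, value: str, updates: dict) -> None:
        token = self._check(value)
        if token.allowed_prefs is not None and set(updates) - token.allowed_prefs:
            raise PermissionError("token not authorized for some requested keys")
        self.prefs.setdefault(token.account or token.value, {}).update(updates)
```

Revoking a per-client token cuts off that one public client without affecting the account's other tokens, which is the property the group option above cannot offer.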

Privileged application flow (trusted local Flow Manager)

For privileged applications, such as a trusted local Flow Manager, we will use the OAuth 2.0 Resource Owner Password Credentials grant type.

In this grant type, the trusted application gathers the user's username and password credentials directly from the user and uses those to obtain an access token.

The local Flow Manager will communicate with the Cloud Based Flow Manager to retrieve user preferences. This relationship was explored further at Security meeting 2015-04-08.

Whiteboard

Whiteboard photos: IMG 0379.JPG, IMG 0381.JPG, IMG 0380.JPG