Security meeting 2015-03-03
At the meeting: Antranig, Colin, Kasper, and Simon.
- User accounts, tokens, and anonymous access
- 3 different client scenarios:
  - confidential clients
  - public clients
  - privileged clients
User accounts, tokens, and anonymous access
A user may use GPII anonymously without identifying themselves to the system. In this scenario, a GPII token is created for the user. Read and write access to preferences is provided through use of this token.
A user may also create a user account on GPII. A user account enables the following:
- Creation of one or more GPII tokens associated with the account
- Revocation of GPII tokens
- Per application privacy settings
Actions requiring authentication with a username and password
- Creation and revocation of GPII tokens
- Authorization of application access to preferences
- Editing of Privacy Settings
Confidential client flow
Public client flow
We are unable to reliably verify the identity of public clients (clients that are unable to keep a secret).
This means that we cannot offer per-client preferences authorization or filtering using the same means as we can for confidential clients.
We would like to provide some means of per-client authorization for public clients and we discussed the following options:
- Per-installation secrets (each instance of a public client has its own secret)
- Group all public clients together and authorize them as a group
- Generate a new GPII token for each public client and use per-token authorization
- If the public client is trusted, use the OAuth 2 "Resource Owner Password Credentials" authorization grant type as discussed in the section below for trusted clients
Privileged application flow (trusted local Flow Manager)
For privileged applications, such as a trusted local Flow Manager, we will use the OAuth 2.0 Resource Owner Password Credentials grant type.
In this grant type, the trusted application gathers the user's username and password credentials directly from the user and uses those to obtain an access token.
The local Flow Manager will communicate with the Cloud Based Flow Manager to retrieve user preferences. This relationship was explored further at Security meeting 2015-04-08.