API Security #8
Comments
|
From @momipsl on March 24, 2015 13:59 IPSL has obtained a server certificate but it's use would entail moving API to an IPSL server - not sure if we really want to do this at this time. |
|
From @momipsl on March 24, 2015 15:35 Need to secure at HTTPS level and also enforce authentication |
|
From @SebastienDenvil on March 25, 2015 14:29 How to enforce authentication by the end of May? We need a strategy document about that. For py-esdoc client first, then we will extent. If the CIM questionnaire wrap the pyesdoc-client then we win twice. |
|
From @momipsl on March 25, 2015 14:45 This scenario is very different form the CIM Questionnaire. The focus here is securing the ES-DOC API publishing endpoints. I would suggest simple HTTPS digest authentication with an authenticator at the API which simply performs a whitelist check against a config file. Thus when institute X wishes to leverage pyesdoc to publish documents the admin workflow is as follows:
The above is very simple and will take a day or so to implement on the API side. |
|
From @SebastienDenvil on March 25, 2015 14:50 Let's have a document describing this. Let's circulate this (es-doc-pi + wip). And then if we all agree and we know who will support that charge (es-doc support) then let's implement. |
|
From @murphysj on March 25, 2015 17:9 Moving out of any milestone until this is better understood. |
|
From @murphysj on April 3, 2015 14:27 Considered top priority in the Feb 2015 F2F |
From @murphysj on January 15, 2014 18:4
WHO: Mark
Need to secure api with ssl certificate.
Copied from original issue: ES-DOC/esdoc-docs#43
The text was updated successfully, but these errors were encountered: