tracker.org

Yann Esposito (Yogsototh) 2021-04-02 15:51:18 +02:00
parent d0e4377f4a
commit 315e267ba5
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646


@ -1986,6 +1986,23 @@ SSE guys told me I need to talk to you to change the flow.
*** 2021-03-30 Tuesday
**** IN-PROGRESS Learn about sessions between different domains :work:
:LOGBOOK:
CLOCK: [2021-03-30 Tue 10:10]
CLOCK: [2021-03-30 Tue 10:10]--[2021-04-01 Thu 11:30] => 49:20
:END:
[2021-03-30 Tue 10:10]
*** 2021-04-02 Friday
**** IN-PROGRESS response explanation about Clients :work:
:LOGBOOK:
CLOCK: [2021-04-02 Fri 15:50]
:END:
[2021-04-02 Fri 15:50]
- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/Cisco.org.gpg::*Update SSE Clients][Update SSE Clients]]
The most important. Our Client model is not public like it is with Github. So Clients of IROH-Auth are not public by default like this is the case for Github. Every OAuth2 Auth Code client that would like to be used by people outside the org of its owner MUST ask for an approval from a SecureX Administrator.
More precisely:
No client can be created that could be used outside of the org without a Cisco SecureX administrator manually approving that client. So nobody from any org X could create a client with a fake Application name and use it outside of their own Org. Also the client would be updated, it would still need another approval from us.
No client can have the auto-approval feature which is extremely restricted to only a bunch of trusted clients. The list of client with auto-approval is put in a separate table only accessible via Cisco SecureX administrators (us).
A lot of existing clients were created before we had the current Data User structure. So for example, the Organization name will probably be something no meaningful. Also many other teams inside Cisco did not create the client themselves and we created the client for them and we handled them the client credentials. So would we add the Org name to this page it would mean that we need a lot of administrative work on the 5 deployed environments to change the owner of many clients manually.
The SecureX/CTR Orgs are not public, they do not have a public profile any user could check. We could at most give the name of the org. I think at most we could show a few data about the Client's owner. For example it's user name, (email ?), etc... So unlike with github we cannot give a link to an Org profile webpage.
Orgs do not have avatars.
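Review bot: in the "More precisely" paragraph, "Also the client would be updated, it would still need another approval from us" reads as if an existing approval survives an update, which is the opposite of what the surrounding text relies on; suggest "Also, if the client were updated, it would need another approval from us" and say explicitly whether an update revokes the prior approval, since that is the control the paragraph depends on. Minor wording in the same hunk: "something no meaningful" should be "something not meaningful", "we handled them the client credentials" should be "we handed them the client credentials", and "The list of client with auto-approval" should be "The list of clients with auto-approval".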