deft/2021-W13.org
Yann Esposito (Yogsototh) f8b9635395
2021-W13.org
2021-08-17 14:47:18 +02:00


2021-W13

2021-03-29 Monday

MEETING Meeting Talk about SSE tokens   work meeting

CLOCK: [2021-03-29 Mon 20:28][2021-03-29 Mon 22:49] => 2:21

[2021-03-29 Mon 20:28]

Cold weather at Didi's place.

Doron: CDO

Doing things with SSE and SecureX. Device Manager, OIDC. We look at the user, tenant in SSE, etc…

The flow sometimes breaks, etc… Sometimes in the CDO part.

SSE guys told me I need to talk to you to change the flow.

2021-03-30 Tuesday

IN-PROGRESS Learn about sessions between different domains   work

CLOCK: [2021-03-30 Tue 10:10][2021-04-01 Thu 11:30] => 49:20

[2021-03-30 Tue 10:10]

2021-04-02 Friday

MEETING CSA Meeting   work meeting

CLOCK: [2021-04-02 Fri 16:30][2021-04-02 Fri 17:50] => 1:20

[2021-04-02 Fri 16:30]

ref
/yogsototh/deft/src/commit/54b792455f3d7b9d8081f4d5ca9cb8e0e18a9540/~/.doom.d/config.el::%28<=%2010%20hour%2016%29%20'doom-oceanic-next

Notice from my last update: most issues marked as resolved.

Andy:

DONE response explanation about Clients   work

CLOCK: [2021-04-02 Fri 15:50][2021-04-02 Fri 15:58] => 0:08

[2021-04-02 Fri 15:50]

ref
Update SSE Clients

The most important: our Client model is not public like it is with GitHub. So Clients of IROH-Auth are not public by default, as is the case for GitHub. Every OAuth2 Auth Code client that would like to be used by people outside the org of its owner MUST ask for an approval from a SecureX Administrator. More precisely:

  1. No client can be created that could be used outside of the org without a Cisco SecureX administrator manually approving that client. So nobody from any org X could create a client with a fake Application name and use it outside of their own Org. Also, should the client be updated, it would still need another approval from us.

  2. No client can have the auto-approval feature, which is extremely restricted to only a bunch of trusted clients. The list of clients with auto-approval is put in a separate table only accessible via Cisco SecureX administrators (us).

  3. A lot of existing clients were created before we had the current Data User structure. So for example, the Organization name will probably be something not meaningful.

  4. Also, many other teams inside Cisco did not create the client themselves; we created the client for them and handed them the client credentials. So were we to add the Org name to this page, it would mean that we need a lot of administrative work on the 5 deployed environments to change the owner of many clients manually.

  5. The SecureX/CTR Orgs are not public; they do not have a public profile any user could check. We could at most give the name of the org. I think at most we could show a few pieces of data about the Client's owner, for example its user name, (email?), etc… So unlike with GitHub we cannot give a link to an Org profile webpage.

  6. Orgs do not have avatars.