Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhanced Security Defaults for Credential-based Access Control #25

Open
Abrom8 opened this issue Jun 11, 2024 · 0 comments
Open

Enhanced Security Defaults for Credential-based Access Control #25

Abrom8 opened this issue Jun 11, 2024 · 0 comments

Comments

@Abrom8
Copy link

Abrom8 commented Jun 11, 2024

Enhanced Security Defaults for Credential-based Access Control

Issue

For sensitive data scenarios, legal requirements may restrict access only to qualified individuals (e.g., credentialed EU researchers).

There lacks a secure default for when the credentials configuration is not explicitly defined, potentially allowing unintended access.

Proposed Change

Enhance the credentials configuration by adding an allowAll field and implementing secure defaults:

  • Add allowAll Field: A boolean to explicitly allow or deny access to everyone if no specific allow or deny credentials are defined.
  • Default Behavior:
    • allowAll: false
    • If the credentials object is undefined or if allowAll is false/undefined and no allow credentials are specified, no access is granted.
  • defined allow and deny policies overrule the allowAll configuration

Example Object with Default Secure Settings

{
  "credentials": {
    "allowAll": false,
    "allow": [],
    "deny": []
  }
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Abrom8