Uploaded image for project: 'GPII - Global Public Inclusive Infrastructure'
  1. GPII - Global Public Inclusive Infrastructure
  2. GPII-2237

Research on approaches to protect the communication between GPII local installation and GPII cloud

    XMLWordPrintable

    Details

      Description

      The second use case shown on the wiki page of GPII Authorization workflow is the workflow between the local GPII installation and GPII cloud. At the moment, this workflow does not have an authorization process in place to verify:

      1. The request is sent by an installation of the local flow manager;
      2. This local flow manager has been authorized by the settings owner to access his/her settings.

      This means, all http setting requests in the format of :userToken/untrusted-settings/:deviceInfo received at the cloud based flow manager will be processed and the user settings will be returned, regardless of who/where those requests are sent from.

      Research is required for adding the authorization for this communication.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              cli@ocad.ca Cindy Qi Li
              Reporter:
              cli@ocad.ca Cindy Qi Li
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: