Task #7189
Story #7188: Review the token approach protocol and implementation
Review the authentication protocol
Status:
Closed
Priority:
Normal
Assignee:
Ben Leinfelder
Category:
-
Target version:
Start date:
2015-06-16
Due date:
% Done:
100%
Story Points:
Sprint:
Description
Engage a third party such as CTSC to provide a review of the authentication approaches utilized by DataONE infrastructure.
History
#1 Updated by Ben Leinfelder about 9 years ago
Emailed Jim Basney to see if he had any words of caution about our token proposal.
#2 Updated by Ben Leinfelder almost 9 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
- translation missing: en.field_remaining_hours set to 0.0
Jim thought the token approach was good - in fact CILogon is working on a similar feature and even pointed me to some of their nascent code for it - but only cautioned that we need to be careful with the token strings since they do allow complete access as the user they are issued to. Since we expire them after 18 hours, the risk is similar to certificates.
