
Protection of metadata #52

Open
Fannon opened this issue Aug 29, 2024 · 0 comments

Fannon commented Aug 29, 2024

Security of metadata in ORD Plugin (proposal from @Fannon):

- "open" is only allowed if metadata is public and static. In this case, we make it public later anyway (BAH).
- If metadata is tenant-specific, it needs to be protected to not leak information about customer extensions.
- If metadata contains internal or private visibility content, then it needs to be protected and the aggregators take over responsibility for access control / protection.

For customer CAP applications, we probably have to go with a default, but here we can't protect by default. So we make this a customer decision.

@Fannon changed the title from "Security Audit / Thread Modeling Workshop" to "Protection of metadata" on Aug 29, 2024