at_server icon indicating copy to clipboard operation
at_server copied to clipboard

Published 20 hours ago verified publisher icon atsign-foundation

Enhancement: Enforcing Superset Access Check for Approving Apps

Open sitaram-kalluri opened this issue 7 months ago • 2 comments

Is your feature request related to a problem? Please describe.

Implement a feature to ensure that an "approving" app can only approve enrollment requests if it has access to all the namespaces requested by the "enrolling" app. If the approving app lacks access to any of the namespaces included in the enrollment request, it should not be able to approve the request.

Describe the solution you'd like

  • When executing "enroll:approve" add a check on the client/server to verify the list of namespaces the approving app is authorized for. If the approving app is not authorized for any namespace in the enrollment request, return an exception.

sitaram-kalluri avatar Jul 08 '24 09:07 sitaram-kalluri