anonlink-entity-service
Better authentication/authorization pattern
Proposed pattern:
- Party 1 creates a project, Anonlink-Entity-Service issues a “Project Join Secret”
- Party 1 gives Party n the join secret, who registers with the entity service. The entity service then returns the token for that specific party, to be used for further requests.
Something like the above is similar to what we do now and is still simple; however, it negates the risk of party 1 reusing other parties' tokens.
cc @wilko77
I drew a diagram of the current way we send the tokens around.
I don't quite get the risk that the proposed solution negates. Which tokens can party 1 reuse? The upload tokens are single use only.
However, we have the problem that the analyst can impersonate any other party. This threat will not go away with the proposed pattern. It can only be solved if we implement proper authentication! (The ES encrypts the upload tokens with the data providers' public keys.)
For completeness, I also drew the proposed pattern (as I understand it...)
@muelsy would you care to weigh in?
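A minimal sketch of the join-secret flow proposed above, added here as an illustration and not taken from anonlink-entity-service; `ProjectRegistry`, its methods and the sample payloads are hypothetical. It also shows the limitation raised in the reply: a shared join secret tells the service nothing about who is registering.

```python
import hmac
import secrets


class ProjectRegistry:
    """Hypothetical in-memory stand-in for the entity service (not project code)."""

    def __init__(self, number_of_parties):
        self.join_secret = secrets.token_urlsafe(32)  # handed to party 1 on creation
        self._free_slots = list(range(1, number_of_parties + 1))
        self._slot_by_token = {}
        self._used_tokens = set()

    def register(self, presented_secret):
        """Exchange the shared join secret for a token bound to one party slot."""
        if not hmac.compare_digest(presented_secret.encode(), self.join_secret.encode()):
            raise PermissionError("invalid join secret")
        if not self._free_slots:
            raise PermissionError("all party slots already registered")
        slot = self._free_slots.pop(0)
        token = secrets.token_urlsafe(32)  # returned only to the registering caller
        self._slot_by_token[token] = slot
        return slot, token

    def upload(self, party_token, data):
        """Accept exactly one upload per party token; return the slot it was bound to."""
        slot = self._slot_by_token.get(party_token)
        if slot is None:
            raise PermissionError("unknown party token")
        if party_token in self._used_tokens:
            raise PermissionError("token already used")
        self._used_tokens.add(party_token)
        return slot


def demo():
    project = ProjectRegistry(number_of_parties=2)
    shared = project.join_secret  # party 1 passes this to party 2 out of band
    _, token_1 = project.register(shared)
    _, token_2 = project.register(shared)
    # Constructed sample payloads; each token maps to exactly one slot.
    results = {"slots": (project.upload(token_1, b"data-1"), project.upload(token_2, b"data-2"))}
    # The service saw the same secret twice and cannot tell which party made each
    # call, so slots go to whoever registers first, not to a proven identity.
    try:
        project.register(shared)
        results["third_registration"] = "accepted"
    except PermissionError:
        results["third_registration"] = "rejected"
    return results
```

Binding a slot to a specific data provider would need the separate authentication step discussed in the thread; this sketch only separates the tokens.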