
Security mechanism for the Rafiki Admin API & UI

Open mkurapov opened this issue 2 years ago • 1 comment

Summary

Currently, the GraphQL Admin API in Rafiki is using "same network" as a security concern. We'd like to explore and implement a more secure policy for it, looking at Basic Auth and mTLS.

The Admin UI is unsecured right now; we'll need to add login screens to that as well.

Intended Outcomes

Design, spec and implement a security mechanism for the Admin API.

How will it work?

There is a secure communication mechanism between the account provider and the backend service.

Links

Resources

  • https://docs.confluent.io/platform/current/kafka/overview-authentication-methods.html#authentication-methods-overview
  • https://www.cockroachlabs.com/docs/stable/authentication.html#client-authentication

Todos

(not comprehensive)

  • [x] #2200
  • [ ] #2218
  • [x] #2491
  • [x] #2492
  • [ ] #2493
  • [x] #2494
  • [x] #2495
  • [ ] Testing?

mkurapov avatar Jun 23 '23 10:06 mkurapov

@JoblersTune do you want to research on how to best secure the admin UI?

sabineschaller avatar Nov 20 '23 09:11 sabineschaller