Security: `Scope` handling in APIs
`CredentialedEntity`s, such as user and compute service identities, carry a list of `Scope`s that they can operate on. Currently, our APIs do not use these to restrict any operations. Instead, we want each `CredentialedEntity` to be able to operate only on scopes for which it has explicit permissions.
We also want Scopes to support wildcards, and perhaps even regexes, to allow for administrator flexibility when managing user and compute service permissions. It may be desirable to also make a distinction between read and write permissions at the level of individual Scope strings.
This has been partially addressed by #41/#53. We want to extend that approach to support wildcards or regexes next in #42. #43 will address more granular permissioning.
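A sketch of how wildcard scopes and a read/write distinction could be checked together, added here as an illustration and not taken from the project's code. The grant syntax (`r:` or `rw:` prefix, `/`-separated scope strings, `*` within one segment, trailing `/**` for any depth) and the names `Grant`, `parse_grant` and `is_allowed` are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed scope alphabet: "/"-separated segments of these characters only.
SEGMENT = r"[A-Za-z0-9_.-]+"
CONCRETE_SCOPE = re.compile(rf"{SEGMENT}(?:/{SEGMENT})*")

@dataclass(frozen=True)
class Grant:
    writable: bool
    pattern: re.Pattern

def parse_grant(text: str) -> Grant:
    """Compile one grant string; reject anything malformed instead of guessing."""
    mode, sep, glob = text.partition(":")
    if not sep or mode not in ("r", "rw") or not glob:
        raise ValueError(f"malformed grant: {text!r}")
    segments = glob.split("/")
    compiled = []
    for index, segment in enumerate(segments):
        if segment == "**":
            # A bare "**" would grant everything, so require a literal prefix.
            if index == 0 or index != len(segments) - 1:
                raise ValueError(f"'**' only allowed as last segment: {text!r}")
            compiled.append(rf"{SEGMENT}(?:/{SEGMENT})*")
        elif re.fullmatch(r"[A-Za-z0-9_.*-]+", segment) and "**" not in segment:
            # Escape literals; '*' stays inside one segment (never matches '/').
            parts = map(re.escape, segment.split("*"))
            compiled.append("[A-Za-z0-9_.-]*".join(parts))
        else:
            raise ValueError(f"bad segment {segment!r} in grant {text!r}")
    return Grant(mode == "rw", re.compile("/".join(compiled)))

def is_allowed(grants: list, scope: str, write: bool) -> bool:
    """Deny by default: the requested scope must be concrete and fully matched."""
    if not CONCRETE_SCOPE.fullmatch(scope):
        return False  # wildcards or stray characters in a request never match
    # fullmatch anchors both ends, so "team-a" cannot match "team-ab".
    return any(g.pattern.fullmatch(scope) and (g.writable or not write)
               for g in grants)

# Constructed sample grants for one entity.
SAMPLE_GRANTS = [parse_grant("r:datasets/*"), parse_grant("rw:datasets/team-a/**")]
```

Translating administrator wildcards into anchored patterns, rather than accepting raw regexes, keeps a grant from matching more than its author intended through a missing `^`/`$` or a `.*` that crosses a separator.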