Commit
Add MFA capability and permission (#79)
* V1.2.0 proposal, Add MFA capability and permission

  This PR is a proposal to add a capability `/mfa-enforcing` as well as a permission `mfa-enforced` to the specification. The version of the specification is bumped to 1.2.0.

  If an OCM provider has the capability `/mfa-enforcing` it will respond with a boolean on the endpoint /mfa-enforcing to indicate whether or not it will try to comply with an MFA requirement set as a permission on a share.

  If the sharer OCM provider trusts the sharee OCM provider the sharer MAY set the permission `mfa-enforced` on a share. A compliant OCM provider that signals mfa-enforcing `true` MUST not allow access to a resource to a user that has not provided a second factor to establish the identity of the user with greater confidence.

  Since there is no way to guarantee that the sharee OCM provider will actually enforce the MFA requirement, it is up to the sharer OCM provider to establish a trust with the OCM sharee provider such that it is reasonable to assume that the sharee OCM provider will honor the MFA requirement. This establishment of trust will inevitably be implementation dependent, and can be done for example using a pre-approved allow list of trusted OCM providers. The procedure of establishing trust is out of scope for this specification.

* MFA: Address review feedback

  This patch adds information about MFA to the readme-file and renames `mfa-enforcing` to `mfa-capable`. The response is simplified from a boolean response on the endpoint to an empty HTTP 200 OK response. Version is reset to 1.1.0

* MFA: reworked role of the /mfa-enabled endpoint

* Partially reverted previous changes, expanded descriptions for more clarity

* Update spec.yaml

  Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>

* Update spec.yaml

  Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>

---------

Co-authored-by: Giuseppe Lo Presti <giuseppe.lopresti@cern.ch>
1 parent ae2fdfa, commit af29d75
Showing 3 changed files with 43 additions and 5 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
{ | ||
"githubPullRequests.ignoredPullRequestBranches": [ | ||
"develop" | ||
] | ||
} |
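Review bot: The single setting in this new file, `"githubPullRequests.ignoredPullRequestBranches": ["develop"]`, is a personal editor preference and is unrelated to the MFA capability and permission that the commit message describes. Consider dropping the file from this commit and keeping it local, so the specification change can be reviewed on its own. If the project does want shared editor settings, add them in a separate commit with a short note in the contributor documentation on why `develop` is ignored.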