ISSUE-2354: BP-41 Certificate role based authorization for Bookkeeper #215

sijie · 2020-06-04T04:14:49Z

This is the master ticket for tracking BP-41.

Even with TLS/mTLS authentication, any other service with rootCA is able to access Bookkeeper which is unacceptable as Bookkeeper is the source or truth.

This feature allows a predefined set of roles to be 'whitelisted' to be able
to access bookkeeper based on their client certificates.
It also introduces a structure for these roles to adhere to in order to scale.

Proposal PR - Link

sijie added the type/proposal label Jun 4, 2020

jiazhai added workflow::triaged bookkeeper/client triage/week-23 labels Jun 5, 2020

sijie removed the triage/week-23 label Jun 5, 2020

sijie added the triage/week-36 label Sep 4, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ISSUE-2354: BP-41 Certificate role based authorization for Bookkeeper #215

ISSUE-2354: BP-41 Certificate role based authorization for Bookkeeper #215

sijie commented Jun 4, 2020

ISSUE-2354: BP-41 Certificate role based authorization for Bookkeeper #215

ISSUE-2354: BP-41 Certificate role based authorization for Bookkeeper #215

Comments

sijie commented Jun 4, 2020