Resource Rights Registry Analysis #211

Closed
Tracked by #131
TheTechArch opened this issue Jul 6, 2023 · 1 comment

TheTechArch commented Jul 6, 2023

Description

The resource rights registry allows for service owners to define a limited set of reportees that can use a specific service.

We need to identify the requirements and analyze the design for the resource rights registry.

In scope

Identify requirements

  • Possible to limit access to a resource in general. Limitations can be given as an organization number or person number and point to a given reportee.
  • Possible additional limitations on action
  • Possible for additional limitations on resources?

Possible structure

{
  "party": "orgnr:9123432",
  "resource": "urn:altinn:resource:superapp",
  "actions": ["read", "write"],
  "subjectclaims": ["scope:superscope"],
  "validTo": "2024-01-01"
}

Party: Either ssn or orgnumber identifying the reporter
Resource: The reference to the resource in the resource registry
Actions: Additionally limits the actions available for a given party
SubjectClaims: Additional required claims for the subject. Potentially it could be a scope or a specific role. Needs to be analyzed further for needs
ValidTo: An end date for when this right expires

RRR for scopes

{
  "party": "orgnr:9123432",
  "resource": "urn:digdir:scope:skd.supercope",
  "actions": ["read", "write"],
  "subjectclaims": ["scope:superscope"],
  "validTo": "2024-01-01"
}

Enabling the use of RRR

For performance reasons, enabling the use of RRR is done on the Resource registration in the resource registry.
A flag on a resource triggers a search in RRR.

RRR Validation

We need to create RRR validation that will be used before PDP processing and when checking rights for a given resource.

This needs to be able to

Managing RRR

Resource Registry will expose APIs to manage RRR resources. An org could manage RRR for a resource owned by that entity.

Should this be possible to manage from Altinn Studio? We could, in theory, support having the admin tools available.

Additional Information

No response

Analysis

No response

Conclusion

No response
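
The check described under "RRR Validation" and "Enabling the use of RRR", sketched as an added example (not part of the original issue and not Altinn code). The function name, the deny-by-default rule for flagged resources, treating `validTo` as the first day the right is no longer valid, and requiring every listed subject claim are assumptions; the sample entry is constructed from the "Possible structure" above.

```python
from datetime import date

# Constructed sample entry in the shape of the "Possible structure" above.
RRR_ENTRIES = [
    {
        "party": "orgnr:9123432",
        "resource": "urn:altinn:resource:superapp",
        "actions": ["read", "write"],
        "subjectclaims": ["scope:superscope"],
        "validTo": "2024-01-01",
    },
]

# Assumption: identifiers of resources whose registration carries the RRR flag.
RRR_ENABLED = {"urn:altinn:resource:superapp"}


def rrr_allows(resource, party, action, subject_claims, today,
               entries=RRR_ENTRIES, enabled=RRR_ENABLED):
    """Return True if the request may continue to PDP processing."""
    if resource not in enabled:
        # Flag not set: no RRR search is triggered, the PDP decides alone.
        return True
    for entry in entries:
        if entry["resource"] != resource or entry["party"] != party:
            continue
        # Assumption: the right has expired once validTo is reached.
        if today >= date.fromisoformat(entry["validTo"]):
            continue
        # Assumption: a missing or empty actions list adds no action limit.
        if entry.get("actions") and action not in entry["actions"]:
            continue
        # Assumption: all listed subject claims must be present.
        if not set(entry.get("subjectclaims", [])) <= set(subject_claims):
            continue
        return True
    # Flagged resource without a matching entry: fail closed.
    return False
```

A True result here only means the RRR does not block the request; the PDP still makes the authorization decision.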

TheTechArch added the status/draft and kind/analysis labels Jul 6, 2023
ekorra removed the status/draft label Nov 21, 2023
TheTechArch removed the epic label Jan 26, 2024
ekorra closed this as completed Feb 7, 2024

ekorra commented Feb 7, 2024

Moved development tasks to epic
