Avoid publishing sensitive information in mod-circulation domain events from Secure tenant
Description
The mod-circulation module publishes domain events to Kafka when objects are created or modified. In this case, Kafka topics can be accessed by "any module in any tenant" (note: is this wording correct?). This means that events can be intentionally or accidentally processed (e.g. logged) by modules that, according to the scenario, should not work with them. In the case of a Secure tenant, this situation can lead to a leak of sensitive information (in particular, information that allows identifying real requesters: ID, first name, last name, email, etc.).
It is necessary to analyze how to disable the publication of domain events from mod-circulation or how to add obfuscation of protected information in events if the module is deployed in a Secure tenant, evaluate the impact of this action on the functioning of the application logic in the Circulation domain, and implement the action.
Expected result: When deployed to a Secure Tenant, mod-circulation either does not publish domain events or obfuscates them to avoid publishing sensitive information; the Circulation application logic is unaffected.