Security checks, reviews, and fitness functions (FOLIO-3582)

[FOLIO-3869] Spike - Revisit Folio auth mechanisms and generate a proposal/RFC Created: 03/Aug/23  Updated: 17/Aug/23

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None
Parent: Security checks, reviews, and fitness functions

Type: Story Priority: P3
Reporter: Craig McNally Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: None
Epic Link: Security checks, reviews, and fitness functions
RCA Group: TBD

Description

Overview

Recent critical security vulnerabilities related to hardcoded system user credentials have brought the topic of Folio authN/Z mechanisms to the forefront once again. We acknowledge that Folio uses a home-grown implementation for this. It may be time to give some serious thought to adopting industry standards like OAuth 2.0, OIDC, etc.

The Security team will need to refine this work, split it into multiple stories/spikes/tasks, define scope and AC for each, etc.  For now, this serves as a placeholder.

Scope

TBD

Acceptance Criteria

TBD


Generated at Thu Feb 08 23:31:24 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.