Overview
Recent critical security vulnerabilities related to hardcoded system user credentials have once again brought the topic of Folio's authentication and authorization (authN/Z) mechanisms to the forefront. We acknowledge that Folio uses a home-grown implementation for this. It may be time to give serious thought to adopting industry standards such as OAuth 2.0, OIDC, etc.
The Security team will need to refine this work: split it into multiple stories/spikes/tasks, define the scope and acceptance criteria for each, etc. For now, this ticket serves as a placeholder.
Scope
TBD
Acceptance Criteria
TBD