Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Tracker] APKAM: PKAM per app & device, with namespace access control capability #29

Open
8 of 10 tasks
gkc opened this issue Jan 23, 2023 · 2 comments
Open
8 of 10 tasks
Assignees
Labels
enhancement New feature or request

Comments

@gkc
Copy link
Contributor

gkc commented Jan 23, 2023

Is your feature request related to a problem? Please describe.

  • atSign owners are too involved in actual management of private keys
  • Current permissions approach is all-or-nothing - you either have access or you don't

Describe the solution you'd like

  • Limit likelihood of compromise of private keys
    • Limit private keys required by apps to the bare minimum - a single keypair (whose
      private key may be held on a TPM / secure element)
    • No more exporting of keys files for import by other apps+devices
    • Easy-to-use management of app access and app namespace permissions
  • Limit blast radius if private keys are compromised
    • Apply access controls to apps' use of the atSign's namespace
    • Easy-to-use modification / revocation of app access and app namespace permissions

Tasks

Preview Give feedback
  1. 0 SP In review enhancement
    gkc
  2. murali-shris
  3. enhancement
    murali-shris
  4. enhancement
    murali-shris
  5. enhancement
    murali-shris
  6. enhancement
    murali-shris sitaram-kalluri
  7. enhancement
    murali-shris sitaram-kalluri
  8. enhancement
    murali-shris purnimavenkatasubbu
@gkc gkc added the enhancement New feature or request label Jan 23, 2023
@gkc gkc self-assigned this Jan 23, 2023
@gkc gkc changed the title Per-app+device PKAM (aka APKAM), with namespace access control capability APKAM: PKAM per app & device, with namespace access control capability Jan 23, 2023
This was referenced Jan 23, 2023
@gkc
Copy link
Contributor Author

gkc commented Jan 23, 2023

Completed draft detailed design in PR53

@gkc
Copy link
Contributor Author

gkc commented Feb 20, 2023

Moving to PR57 as will not get to it in PR56

@XavierChanth XavierChanth changed the title APKAM: PKAM per app & device, with namespace access control capability [Tracker] APKAM: PKAM per app & device, with namespace access control capability Jun 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

2 participants