18F / Sendak

[DEPRECATED] Sendak integrates user, project, and deployment management for 18F

How do we manage permissions with a slack integration? #101

Open janearc opened 9 years ago

janearc commented 9 years ago

with plugsuit-slack it should be mostly trivial to take stuff that works with sendak in the shell and just have it interact with slack.

but i had not considered the problem of authentication.

the use case i discussed with @NoahKunin was "give a user access to slack, have them interact with the bot to get their QR code and input their two successive codes." the problem is, the user themselves does not have IAM credentials, and accordingly cannot "feed the bot;" so the bot has to actually have permissions to configureVirtualMFADevice and then (possibly) enableMFADevice.

alternatively, it has to be run in the shell or be run by someone who is a proxy for that process in the described, "semi-manual onboarding."

@ozzyjohnson @konklone — thoughts on how to do this? i think if we just restrict permissions to creating MFA, it's not such a big deal?

konklone commented 9 years ago

That's a neat problem. If the bot were to be compromised, what is the worst it could do? Could it disable everyone's MFA devices? If so, does that remove 2FA for those accounts (reducing it to password-based access), or does it make it so those people can't log in and need to be rescued by our account root, or by Amazon itself?

janearc commented 9 years ago

I think that's a good question and testable. Also, could a "weaker" MFA device be added? For example, if an attacker knew a user's password, is it possible (assuming we don't give permission to delete devices) to add a "null" MFA device which just always says yes?

But if we go back to my trip to Thailand again, the question is what harm could come from my account being compromised? The answer seemed to be "not much of consequence."

J

mobile emails are (possibly) sloppy & terse. sorry.

On Feb 24, 2015, at 22:34, Eric Mill notifications@github.com wrote:

That's a neat problem. If the bot were to be compromised, what is the worst it could do? Could it disable everyone's MFA devices? If so, does that remove 2FA for those accounts (reducing it to password-based access), or does it make it so those people can't log in and need to be rescued by our account root, or by Amazon itself?

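Added example, not part of the thread or of Sendak's code: a simplified audit of a candidate bot policy that reports whether it grants the MFA onboarding actions and whether it would also let a compromised bot deactivate or delete MFA devices. Both policies are constructed, the function names are hypothetical, the action names are IAM's own (`iam:CreateVirtualMFADevice`, `iam:EnableMFADevice`, `iam:DeactivateMFADevice`, `iam:DeleteVirtualMFADevice`), and the evaluation ignores `Resource`, `Condition` and `NotAction`.

```javascript
// Added example: simplified IAM identity-policy check (assumption: only
// Effect and Action are evaluated; Resource, Condition, NotAction are ignored).

// Actions that would let a compromised bot strip or remove MFA from users.
const MFA_WEAKENING = ['iam:DeactivateMFADevice', 'iam:DeleteVirtualMFADevice'];
// Actions the Slack onboarding flow discussed in this thread needs.
const ONBOARDING = ['iam:CreateVirtualMFADevice', 'iam:EnableMFADevice'];

// IAM action patterns are case-insensitive and '*' matches any run of characters.
function actionMatches(pattern, action) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
  return new RegExp('^' + escaped.replace(/\*/g, '.*') + '$', 'i').test(action);
}

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// An explicit Deny wins over any Allow; anything not allowed is implicitly denied.
function isAllowed(policy, action) {
  let allowed = false;
  for (const stmt of asList(policy.Statement)) {
    if (!asList(stmt.Action).some((p) => actionMatches(p, action))) continue;
    if (stmt.Effect === 'Deny') return false;
    if (stmt.Effect === 'Allow') allowed = true;
  }
  return allowed;
}

// missing: onboarding actions the bot lacks; dangerous: MFA-weakening actions it holds.
function auditBotPolicy(policy) {
  return {
    missing: ONBOARDING.filter((a) => !isAllowed(policy, a)),
    dangerous: MFA_WEAKENING.filter((a) => isAllowed(policy, a)),
  };
}

// Constructed policies, not taken from the Sendak repository.
const broadPolicy = {
  Version: '2012-10-17',
  Statement: [{ Effect: 'Allow', Action: 'iam:*MFA*', Resource: '*' }],
};
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ONBOARDING, Resource: '*' },
    { Effect: 'Deny', Action: MFA_WEAKENING, Resource: '*' },
  ],
};

console.log('broad :', auditBotPolicy(broadPolicy));
console.log('scoped:', auditBotPolicy(scopedPolicy));
```

The wildcard policy passes the onboarding check but also grants both MFA-weakening actions; the scoped policy grants only the two onboarding actions and its explicit Deny still holds if a broader Allow is attached later.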