wajda
commented
1 year ago As a minimum, we need to implement an authorisation mechanism (OAuth, Kerberos) for both APIs, and access control on computational level lineage (expressions) and operation details, that might leak some sensitive meta-information about security jobs logic etc.
This is an umbrella issue for discussing and brainstorming security aspects of the system, basically those A's - Authentication, Authorisation, Access control, Auditing etc.