Implement authentication and authorization for DEX Upload API

CDCgov / data-exchange-upload

Enterprise Data Exchange (DEX) is a new cloud-native centralized data ingestion, validation, and observation service scoped for common data types (HL7, FHIR, CDA, XML, CSV) sent to the CDC. It helps public health stakeholders who send data to the CDC while reducing the maintenance efforts, complexity, and duplication of ingestion points to CDC.

Apache License 2.0

8 stars 3 forks source link

Implement authentication and authorization for DEX Upload API #8

Open sirishankar opened 2 years ago

sirishankar commented 2 years ago

Requirements:

Implement API authentication
- Azure API Gateway is an option? ==> Ryan: For authorization, yes. But you still need a separate IdP for the authentication.
- OAuth2 with access tokens and refresh tokens (do we need refresh tokens)? ==> Ryan: No for MVP; yes for proper solution.
Implement API authorization
- APIM?

rmharrison commented 2 years ago

@sirishankar TODO Breakout session on AuthN > What is IZ Gateway using for its

IdP (Identity Provider)
Key (public key) repository

My understanding is that IZ Gateway has M2M (machine-to-machine) certificates (presumably public/private key) which are being used for MPox and COVID.

rmharrison commented 1 year ago

@kiran-k Re: 2022-12-13 Daily Scrum, cc @boris-ning-usds

Logical separation between Upload team and FHIR team.

Upload team: Moving towards SAMS integration in APIM
FHIR team: Moving towards machine IdP integration in APIM

Glidepath for Upload team

Non-SAMS IdP: Basic auth with APIM
Non-SAMS IdP: Client credentials with APIM (Presumably shared secret)
SAMS IdP: Client credentials with App Password (Presumably federated credential from SAMS)
Machine IdP: Client credentials (Presumably either certificate (pre-registered-pubkey) or federated credentials from Machine IdP)

(1) is sufficient for FY23-Q1.