Closed gregelin closed 8 years ago
@JoshData Do you have thoughts on this question? Maybe create an API that also requires a key an then one instance could pass key to another instance that has the confidential documents?
Er. First, how do we secure kbs so that the things it's serving remain confidential?
As per Josh:
joshdata [2:08 PM]
- Multiple servers.
- Each will have a different set of non-public resources on disk by cloning resources from a different repository. (Public resources common to all of them would stay where they are.)
- Auth is a little easier because for now we can just do something dumb.
- A bot that has access to non-public resources would connect to a different kbs server. There would be a mapping on the bot server from Slack/Rocket.chat team IDs to kbs instances.
[2:09] Having said that, that doesn't sound nice.
[2:09] Although in the alternative, where there is one KBS server:
- Auth is harder.
- The bot server will still have to map team IDs to KBS credentials.
See https://govready.slack.com/archives/D17MPD6TV/p1464631593000026
I think I posted this before our conversation yesterday.
Sent from my iPhone
On May 30, 2016, at 1:35 PM, Joshua Tauberer notifications@github.com wrote:
Er. First, how do we secure kbs so that the things it's serving remain confidential?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
How do we make meta data files regarding proprietary documents as part of the service?
Do we set up a second server that provides information based on authentication? Do we mount secure information (then how do we only read for a particular user)? Do we require organization to set up their own version of kbs?