Closed caitlintuba closed 4 years ago
Is this a duplicate of #34?
Before splitting this out into another microservice, investigate what options AWS WAF/ALB offers for path-based + IP-based routing/filtering:
Implement path/IP-based WAF ACLs
We still need to set up the IP block sets for this.
Closed in #177
Service has two different user groups

The keyclaim service implements functionality that would be used by health care providers, as well as the general public. These user groups are vastly different, and by implementing the functionality in a shared service like this you are exposing the new-key-claim method to a wider audience of potentially malicious users.
REC-3 SEPARATE FUNCTIONALITY: The new-key-claim and claim-key methods should be split into separate services so that the audience for the new-key-claim method can be limited.
This came from the vulnerability analysis; originally Loudmouth Recommendation 3; was marked as low priority by the security assessment team.
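
The path/IP-based WAF ACL approach raised in the thread could look like the CloudFormation sketch below. It is an added example, not the project's own template or the change made in #177; the resource names, the `/new-key-claim` URI path and the CIDR range are assumptions made for illustration.

```yaml
# Added example: block new-key-claim for any source IP outside an allow-listed set.
# Resource names, the URI path and the CIDR below are assumptions, not project values.
Resources:
  ProviderIPSet:
    Type: AWS::WAFv2::IPSet
    Properties:
      Name: provider-allowlist              # hypothetical name
      Scope: REGIONAL                       # REGIONAL scope is what an ALB uses
      IPAddressVersion: IPV4
      Addresses:
        - 203.0.113.0/24                    # constructed sample (documentation range)
  KeyClaimWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: keyclaim-acl                    # hypothetical name
      Scope: REGIONAL
      DefaultAction:
        Allow: {}                           # claim-key stays reachable by the public
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: keyclaim-acl
      Rules:
        - Name: restrict-new-key-claim
          Priority: 0
          Action:
            Block: {}
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: restrict-new-key-claim
          Statement:
            AndStatement:                   # path matches AND source IP is not allow-listed
              Statements:
                - ByteMatchStatement:
                    SearchString: /new-key-claim   # assumed path for the method
                    PositionalConstraint: STARTS_WITH
                    FieldToMatch:
                      UriPath: {}
                    TextTransformations:    # normalise before matching so encoded or
                      - Priority: 0         # mixed-case paths hit the same rule
                        Type: URL_DECODE
                      - Priority: 1
                        Type: LOWERCASE
                - NotStatement:
                    Statement:
                      IPSetReferenceStatement:
                        Arn: !GetAtt ProviderIPSet.Arn
```

The web ACL still has to be attached to the load balancer with an `AWS::WAFv2::WebACLAssociation` resource. The rule matches on the connecting IP, so a deployment that sits behind another proxy would need to account for that before relying on it.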