ncbo / virtual_appliance

Bioportal Virtual Appliance

Generate live key approval when Appliance starts #11

Closed graybeal closed 4 years ago

graybeal commented 5 years ago

Require that BioPortal Virtual Appliance have a valid Stanford-issued key to start up.

The flow is as follows (steps 3 and 5 may be provided by some key library or service).

  1. User is asked for Name, email, BioPortal user ID, and optionally contact phone number.
  2. Name, email, user ID, and optional phone are sent to the Stanford BP Key Server.
  3. BP Key Server calculates unique key based on hash of BioPortal user ID and private key of Stanford BP Key Server.
  4. If key is approved, BP Key Server sends unique key to provided email. (Because we must validate email, so we're sure we can contact them.)
  5. User enters key from email.
  6. Virtual Appliance confirms key correctness using BP Key Server's public key, and continues startup.

graybeal commented 5 years ago

The flow is as follows (steps 3 and 6 may be provided by some key library or service).

  1. User requests access to BioPortal VA as currently done. Our approval 'unlocks' key approval in step 4.
  2. On first system startup, user is asked for Name, appliance administrator email, BioPortal API key, and optionally contact phone number.
  3. Name, appliance administrator email, user BP API key, UUID of appliance, and optional phone are sent to the Stanford BP Key Server.
  4. BP Key Server calculates unique key based on hash of user BP API key, UUID of appliance, and private key of Stanford BP Key Server.
  5. If key (appliance request) is approved at Stanford, BP Key Server sends unique key to provided email. (Because we must validate email, so we're sure we can contact them.)
  6. User enters key obtained from email.
  7. Then and on each subsequent system startup, Virtual Appliance confirms key correctness using BP Key Server's public key, and continues startup.
  8. If key is not valid on startup, start a 30-day countdown during which system can still be started, and inform user how to contact us to resolve.
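
Steps 4, 7 and 8 of the flow above, sketched in Go as an added example; it is not code from this thread or from the appliance. Ed25519, SHA-256, the length-prefixed field encoding, base64 transport and every function name and sample value are assumptions, since the issue names no algorithm or format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"time"
)

// Assumed scheme: Ed25519 signature over a SHA-256 digest (not stated in the issue).
const graceDays = 30 // step 8: countdown once the key fails validation

// digest hashes the API key and appliance UUID with length prefixes, so
// ("ab","c") and ("a","bc") can never yield the same signed message.
func digest(apiKey, uuid string) []byte {
	h := sha256.New()
	for _, f := range []string{apiKey, uuid} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write([]byte(f))
	}
	return h.Sum(nil)
}

// issueKey is the key-server side (step 4): sign the digest, encode it for email.
func issueKey(priv ed25519.PrivateKey, apiKey, uuid string) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, digest(apiKey, uuid)))
}

// checkStartup is the appliance side (steps 7 and 8); it holds only the public key.
// Returns whether startup may continue and the grace days left (full if key is valid).
func checkStartup(pub ed25519.PublicKey, apiKey, uuid, key string, firstInvalid, now time.Time) (bool, int) {
	sig, err := base64.StdEncoding.DecodeString(key)
	if err == nil && ed25519.Verify(pub, digest(apiKey, uuid), sig) {
		return true, graceDays
	}
	if firstInvalid.IsZero() { // first failed check starts the countdown
		firstInvalid = now
	}
	left := graceDays - int(now.Sub(firstInvalid).Hours()/24)
	return left > 0, left
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	key := issueKey(priv, "demo-api-key", "demo-appliance-uuid")
	fmt.Println(checkStartup(pub, "demo-api-key", "demo-appliance-uuid", key, time.Time{}, time.Now()))
	fmt.Println(checkStartup(pub, "demo-api-key", "other-uuid", key, time.Now().AddDate(0, 0, -31), time.Now()))
}
```

Because the UUID is part of the signed message, a key copied to a different appliance fails verification and only gets the grace period; the appliance must persist the first-failure time somewhere the countdown cannot be trivially reset.
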

graybeal commented 4 years ago

Augmentations (in due course, not required for first release):

graybeal commented 4 years ago

This has largely been implemented, though with a different sequence. At the moment the sequence is: download and install the appliance, get the Appliance ID, register for the appliance with the Appliance key. When the registration is approved, copy the key into the appliance.