open-feature / ofep

A focal point for OpenFeature research, proposals and requests for comments
https://openfeature.dev

[Proposal] Consider an "evaluator" context for auditing & access control purposes #42

Closed Kavindu-Dodan closed 1 year ago

Kavindu-Dodan commented 1 year ago

Feature Flag evaluation audits could be a security requirement for auditing purposes. For such audits, it is desired to have details on the entity that invoked the evaluation.

For server-side invocations, this could be a simple server application identifier. For client-side invocations, this could consist of numerous identifiers such as application id, browser vendor, IP or a unique identifier that separates one client from another. For both cases, this could even be a session ID or a token.

Further, if implemented correctly, this identification could be utilized to enforce an access control mechanism.

Kavindu-Dodan commented 1 year ago

Moving to flagd as this is an implementation-specific concern.