You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR covers filling in the impact sections for ADRs 012-016 so that it is understood why the decision was made at the time and what the concerns were.
This PR errs on the side of being more verbose than not so that unneeded items can be stripped away during review, so please read carefully.
NOTE: a change to ADR 001 was added to this PR to make linking work better in the IDE.
Complexity Concern The added complexity due to the AuthN/AuthZ layers might need further review to ensure it does not overly complicate the system.
Wrapper Design The design of the wrapper interface should be reviewed to ensure it does not limit flexibility or create tight coupling with specific implementations.
-3. We validate that the JWT is valid given the public key they sent to us earlier.+3. We validate that the JWT is valid given the public key they sent to us earlier, implementing error handling to manage validation failures securely.
Suggestion importance[1-10]: 8
Why: Adding error handling for JWT validation failures is crucial for security and system stability, preventing unauthorized access and ensuring the system can gracefully handle errors.
8
General
Use automation to enforce the new key naming convention and manage key migrations
Implement automated tools or scripts to enforce the new naming convention and manage the migration of existing keys to reduce human error.
-This naming convention applies to all locations where our keys are stored.+This naming convention applies to all locations where our keys are stored, enforced through automated tools or scripts to ensure consistency and manage the migration of existing keys.
Suggestion importance[1-10]: 8
Why: Implementing automated tools to enforce naming conventions and manage key migrations reduces the risk of human error and ensures consistency across the system, which is crucial for security and operational efficiency.
8
Design the wrapper interface to be adaptable to changes in the third-party library
Ensure that the wrapper interface is designed to be flexible enough to accommodate changes in the underlying third-party library without significant rework.
-The implementation of this interface is customized to use the underlying third party library.+The implementation of this interface is customized to use the underlying third party library, designed with flexibility to adapt to changes in the third-party library with minimal rework.
Suggestion importance[1-10]: 6
Why: The suggestion to design the wrapper interface with flexibility enhances maintainability and adaptability, allowing easier updates or changes to the third-party library with minimal impact on the system.
6
Security
Enhance the security of JWT tokens by ensuring encryption and secure transmission
Ensure that the JWT tokens are properly encrypted and securely transmitted to prevent interception and misuse.
-We will use an AuthN/AuthZ concept similar to ReportStream's "two legged" auth. This model uses JSON Web Tokens (JWT) for secure client authentication and authorization across API interactions.+We will use an AuthN/AuthZ concept similar to ReportStream's "two legged" auth. This model uses encrypted JSON Web Tokens (JWT) for secure client authentication and authorization across API interactions, ensuring tokens are securely transmitted.
Suggestion importance[1-10]: 7
Why: The suggestion to ensure encryption and secure transmission of JWT tokens directly addresses a critical security aspect of authentication mechanisms, enhancing the security posture of the system.
devex/opexA development excellence or operational excellence backlog item.
8 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
tjohnson7021
added
the
devex/opex
Description
This PR covers filling in the impact sections for ADRs 012-016 so that it is understood why the decision was made at the time and what the concerns were.
This PR errs on the side of being more verbose than not so that unneeded items can be stripped away during review, so please read carefully.
NOTE: a change to ADR 001 was added to this PR to make linking work better in the IDE.
Issue #1247
Checklist