Private content #184
Replies: 2 comments
-
I think in an ideal world there would be some sort of access control that is managed in the actual content repo (SharePoint/GDrive) that would bubble up all the way into authentication/authorization logic on the delivery tier.
-
You can (probably) wire preflight conditions with an authentication service like IMS/Okta/Auth0 to get authenticated strains. (There would need to be some protection so that you cannot just opt yourself in with a header, but that's easy to do.) That would give us broad-strokes cacheable content for closed user groups. I do not think that individual authenticated access to resources is practical or desirable.
-
The "always public" mantra is great until someone needs to stage and preview sensitive information. That is, content that will be public eventually, but cannot "go live" yet.
Examples
We all know horror stories of clever engineers finding paths to "secure through obscure" content to find pre-release product information. Apple is probably the most famous victim of this pattern. At Adobe, we definitely have the above need.
My hope is that this discussion can kick off getting a meaningful path to handling private content.
Requirements
Ideas
This isn't to be prescriptive (I hate when people tell me how to do my job), but hopefully it gets an idea across.
My initial thought was to handle this in the fstab.yaml...
There are obviously caching concerns, so the idea is to basically have Fastly as the gatekeeper of hlx.page and hlx.live requests. If the authorization token / header / whatever matches what is in a dictionary, it delivers the content. Ideally, it would also cache, but still check tokens for every request.
Challenges
This starts to get weird if you think about mixing and matching private & public content. So I think the default should be, "you're either all private, or all public."
Another challenge is person-in-the-middle attacks. If your important person is on an insecure connection (public wifi, device compromised with bad certs), one could reasonably scrape authorization headers / tokens, or even just read the responses.
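One way to sketch the "edge as gatekeeper" idea from the Ideas section (and the "cannot just opt yourself in with a header" concern from the earlier reply) as Fastly VCL. This is an added example, not code from the discussion or from the Helix project; the table name, the `X-Preview-Token` / `X-Private-OK` header names and the hostname pattern are assumptions, and the table holds SHA-256 hashes of issued tokens rather than the tokens themselves so that the edge configuration never contains a usable secret.

```vcl
# Hypothetical token table. Keys are sha256(token) as lowercase hex; the
# value is only a label for the holder. In production this would be an
# Edge Dictionary managed out of band rather than a literal in the VCL.
table private_tokens {
  "PLACEHOLDER_SHA256_HEX_OF_ISSUED_TOKEN": "editor-group"
}

sub vcl_recv {
#FASTLY recv
  # Never trust a client-supplied copy of the post-validation marker,
  # otherwise a request could "opt itself in" by sending this header.
  unset req.http.X-Private-OK;

  # Only gate the preview/live hostnames; everything else stays "always public".
  if (req.http.Host ~ "\.hlx\.(page|live)$") {
    if (!req.http.X-Preview-Token) {
      error 401 "Unauthorized";
    }
    # Hash the presented token and look it up; an unknown token yields "".
    if (table.lookup(private_tokens,
                     digest.hash_sha256(req.http.X-Preview-Token), "") == "") {
      error 401 "Unauthorized";
    }
    set req.http.X-Private-OK = "1";
    # Strip the secret so it never reaches the backend or the request logs.
    unset req.http.X-Preview-Token;
  }

  # Deliberately no return(pass): the object may be served from cache, but
  # because this check runs in vcl_recv it is evaluated on every request,
  # hit or miss. The cache key stays host+URL, so all authorized users
  # share one cached copy while unauthorized requests never reach lookup.
  return(lookup);
}

sub vcl_error {
#FASTLY error
  if (obj.status == 401) {
    set obj.http.Content-Type = "text/plain";
    set obj.http.Cache-Control = "no-store";
    synthetic "401 Unauthorized";
    return(deliver);
  }
}
```

This does not address the person-in-the-middle point raised under Challenges: a bearer token presented on every request is only as safe as the transport, so it still depends on TLS end to end and on rotating tokens when a device is suspected compromised.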