[mitreid-connect] Bulk data access security under OIDC

Tony Fendall [DATACOM] TonyF at datacom.co.nz
Wed Aug 5 23:40:31 EDT 2015


Hello

I have an existing web application which uses MITREid Connect and exposes a REST API.  Currently, passing access tokens to the REST API gives access only to the data of the current user (who owns the access token).  I want to extend this system and give a specific client access to the data of all users, and am wondering how best to implement this.

Option 1:
Create a specific user account with ROLE_BULK_ACCESS, then generate an access token as this user.  When holding this specific access token, the client application can then inherit this bulk access role, giving it access to the new endpoints.

Option 2:
Use client credentials (client id and secret) to generate a client access token.  Give this client a specific "bulk access" scope which can then be used to control access to the new endpoints.


Do either of those options sound like a reasonable solution?  Any advice would be gratefully received.

Thanks
Tony Fendall
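As an added illustration of Option 2 (this is example code, not part of the post and not MITREid Connect's own code), the following sketches the resource-server side: the existing per-user check and a separate check for the bulk endpoints that requires an active token carrying a bulk scope issued to an allow-listed client. Token data is modelled as an RFC 7662 introspection response (`active`, `scope`, `client_id`, `sub`, `exp`); the scope name `bulk_access`, the client id `reporting-svc`, the `Decision` type and the sample responses are assumptions constructed for the example.

```python
"""Scope-based authorization for a bulk-access endpoint (added example).

Models Option 2 from the post: a confidential client obtains a token via the
client_credentials grant, and the resource server exposes the bulk endpoints
only when the token carries the bulk scope and belongs to an allow-listed
client. Token data is shaped like an RFC 7662 introspection response.
"""
import time
from dataclasses import dataclass

BULK_SCOPE = "bulk_access"                    # assumed scope name
BULK_CLIENTS = frozenset({"reporting-svc"})   # assumed client_id allowlist


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    principal: str = ""   # sub (user endpoint) or client_id (bulk endpoint)


def _active(intro, now):
    """Return an error string if the token is inactive or expired, else None."""
    if intro.get("active") is not True:
        return "token inactive"
    exp = intro.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        return "token expired"
    return None


def _scopes(intro):
    """Accept the space-delimited string form or a list form of 'scope'."""
    raw = intro.get("scope", "")
    return set(raw.split()) if isinstance(raw, str) else set(raw)


def authorize_user_data(intro, requested_user, now=None):
    """Existing behaviour: a token may only read its own resource owner's data."""
    now = time.time() if now is None else now
    err = _active(intro, now)
    if err:
        return Decision(False, err)
    sub = intro.get("sub")
    if not sub:
        # A client-credentials token has no resource owner; it gets no user data.
        return Decision(False, "no resource owner on token")
    if sub != requested_user:
        return Decision(False, "token owner mismatch")
    return Decision(True, "own data", sub)


def authorize_bulk(intro, now=None):
    """Bulk endpoints: active token + bulk scope + allow-listed client.

    The scope alone is not enough: a user-delegated token could carry it if
    the scope were ever granted to an interactive client, so the client_id is
    pinned as well.
    """
    now = time.time() if now is None else now
    err = _active(intro, now)
    if err:
        return Decision(False, err)
    if BULK_SCOPE not in _scopes(intro):
        return Decision(False, "missing scope " + BULK_SCOPE)
    client_id = intro.get("client_id")
    if client_id not in BULK_CLIENTS:
        return Decision(False, "client not on bulk allowlist")
    return Decision(True, "bulk access", client_id)


# Constructed sample introspection responses (fixed clock for reproducibility).
NOW = 1_438_800_000
USER_TOKEN = {"active": True, "sub": "alice", "client_id": "web-app",
              "scope": "openid profile", "exp": NOW + 600}
BULK_TOKEN = {"active": True, "client_id": "reporting-svc",
              "scope": "bulk_access", "exp": NOW + 600}
OTHER_CLIENT_BULK = {**BULK_TOKEN, "client_id": "web-app"}
EXPIRED_BULK = {**BULK_TOKEN, "exp": NOW - 1}

if __name__ == "__main__":
    for name, intro in [("user", USER_TOKEN), ("bulk", BULK_TOKEN),
                        ("other", OTHER_CLIENT_BULK), ("expired", EXPIRED_BULK)]:
        print(name, "user-endpoint:", authorize_user_data(intro, "alice", NOW),
              "bulk-endpoint:", authorize_bulk(intro, NOW))
```

The two checks are deliberately independent: a bulk token is rejected by the per-user endpoint because it has no `sub`, and a user token is rejected by the bulk endpoint because it lacks the scope, so neither path widens the other.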