potiuk opened a new pull request, #352: URL: https://github.com/apache/directory-server/pull/352
**This is a draft proposal for the Directory PMC to review — please correct, reject, or discuss as needed.** Nothing here is a requirement; the maintainers are the decision-makers, and this describes the project *as the PMC says it is*. This PR adds the **Apache Directory umbrella `THREAT_MODEL.md`** (hosted here in `directory-server`) plus `SECURITY.md` and `AGENTS.md`, wiring `AGENTS.md -> SECURITY.md -> THREAT_MODEL.md`. The other nine in-scope repos (`directory-ldap-api`, `directory-kerby`, the four `directory-fortress-*`, `directory-scimple`, `directory-mavibot`, `directory-studio`) get discoverability pointers to this umbrella in companion PRs. The model captures the **shared** trust boundary across the stack — a network service that authenticates a remote principal and authorizes its requests over a wire protocol (LDAP / Kerberos / SCIM / REST) — with **per-domain addenda** where the surface diverges (LDAP bind/ACI, Kerberos KDC crypto, Fortress RBAC/SoD, SCIM, MVCC storage). Draft-first, mostly inferred (~18 documented / 0 maintainer / ~70 inferred); every `*(inferred)*` claim routes to a numbered **§14** question, grouped by domain. The **wave-1** rulings decide `VALID`-vs-misconfiguration across the stack: - **LDAP:** is anonymous/unauthenticated access off by default? - **Kerberos:** are weak enctypes (RC4/DES) disabled and preauth required by default? - **Fortress / SCIM:** do the REST endpoint, web console, and SCIM endpoints require authentication (+ TLS) by default? A meta question (§14 q10): would the PMC rather have **Kerby / Fortress / SCIMple** each carry their *own* full model (they are semi-independent products) instead of the umbrella? Proposed: umbrella + pointers now, split later if preferred. Context: the ASF Security team is preparing the project for an automated agentic security scan we're piloting. Drafted via the [threat-model-producer](https://gist.github.com/potiuk/da14a826283038ddfe38cc9fe6310573) rubric. If you'd rather author it yourselves, close this PR and we'll regroup. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
