dave2wave commented on code in PR #575: URL: https://github.com/apache/tooling-trusted-releases/pull/575#discussion_r2718814812
########## atr/docs/security-authorization.md: ########## 
@@ -0,0 +1,217 @@ +# 3.12. Authorization security + +**Up**: `3.` [Developer guide](developer-guide) + +**Prev**: `3.11.` [Authentication security](security-authentication) + +**Next**: `3.13.` [Input validation](input-validation) + +**Sections**: + +* [Overview](#overview) +* [Roles and principals](#roles-and-principals) +* [LDAP integration](#ldap-integration) +* [Access control for releases](#access-control-for-releases) +* [Access control for projects](#access-control-for-projects) +* [Access control for tokens](#access-control-for-tokens) +* [Implementation patterns](#implementation-patterns) +* [Caching behavior](#caching-behavior) +* [Implementation references](#implementation-references) + +## Overview + +ATR uses role-based access control (RBAC) where roles are derived from ASF LDAP group memberships. Authentication (covered in [Authentication security](security-authentication)) establishes *who* a user is; authorization determines *what* they can do. + +The authorization model is committee-centric: most permissions are granted based on a user's relationship to a committee (PMC membership) or project (committer status). + +## Roles and principals + +ATR recognizes the following roles, derived from ASF LDAP: + +* **Public**: Unauthenticated users. Can view public information about releases and projects. + +* **Committer**: Any authenticated ASF committer. Can create Personal Access Tokens and view their own committees and projects. Determined by existence in LDAP `ou=people,dc=apache,dc=org`. + +* **Project Participant**: A committer who is a member of a specific project (has commit access). Can start releases, upload artifacts, and cast votes for that project. Determined by the `member` attribute in the project's LDAP group. Review Comment: No. Not all committers can start releases or upload artifacts. We have #520 to define the **Release Manager** and #523 to properly define who can do what. 
I am also unsure about externalizing the word **Participant** as everyone calls these individuals **Project Committers**.
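Review bot: The Public role bullet ("Can view public information about releases and projects") is circular as documentation: it never says which pages or data are public, so the later access-control sections cannot be checked against it. Suggest enumerating the concrete views that require no authentication. The Committer bullet has a related gap: it derives the role from "existence in LDAP `ou=people,dc=apache,dc=org`" without saying how that lookup is done or whether it is cached, even though the page lists a "Caching behavior" section; a one-line pointer to that section from each role bullet would make the derivation auditable.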
