Access Controls
Epic tracking the implementation of authenticated read/write access to data products through the Source Cooperative data proxy.
This work implements the architecture described in data.source.coop RFC-001: OIDC-based identity federation, role-based access scoping via an STS endpoint, and authenticated connections to upstream storage backends.
Key Design Documents
- ADR-001: S3 API Compatibility and Temporary Credentials
- ADR-004: Inbound Authentication — OIDC Federation and Role-Based STS Exchange
- ADR-005: Authorization Model — Role Ceiling with Dynamic Account Permission Resolution
- ADR-006: Outbound Connectivity — OIDC Issuer Model
Sub-issues
- Integrate Roles in data.source.coop
- Create STS endpoint for temporary credentials in data.source.coop
- Add admin interface for Roles in source.coop
- Support external OIDC Identity Providers
- Connect to backends with auth credentials (data proxy as OIDC provider)
- Enable uploads, multipart uploads, and deletes on data.source.coop
- Identity Provider admin tooling on source.coop
- Use data proxy for multipart uploads from the browser