docs: more Cedarling overview docs by nynymike · Pull Request #8996 · JanssenProject/jans · GitHub

docs: more Cedarling overview docs #8996


Merged
merged 4 commits into from
Jul 22, 2024

nynymike
Contributor

Prepare


Description

Target issue

#8831

Implementation Details

Initial docs for the Cedarling


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

dryrunsecurity bot commented Jul 22, 2024

DryRun Security Summary

The pull request focuses on improving the documentation and transparency around the security-related features of the Janssen Project, particularly the "Jans Lock" and "Cedarling" components, which are actively developing and documenting their access control and authorization mechanisms.


Summary:

The code changes in this pull request focus on improving the documentation and transparency around the security-related features of the Janssen Project, particularly the "Jans Lock" and "Cedarling" components. These changes suggest that the project is actively developing and documenting its access control and authorization mechanisms, which is a positive sign from an application security perspective.

The key security-related points highlighted in the changes include:

  1. Centralized Policy Management: The Cedarling allows developers to manage security policies in a centralized policy store, making it easier to audit the security controls and create complex contextual policies.
  2. JWT-based Authorization: The Cedarling uses OAuth and OpenID Connect JWTs for authorization, which is a common and secure approach for modern web applications.
  3. Signature Validation and Token Revocation: The Cedarling can validate the signatures of the JWTs and check if a JWT has been revoked, enhancing the overall security of the system.
  4. Audit Logging: The Cedarling creates an audit log of all authorization decisions, providing a valuable security record for monitoring and compliance purposes.
  5. Flexible Configuration: The Cedarling has several configuration options, allowing developers to customize the security features to their specific needs.

Overall, the changes in this pull request indicate that the Janssen Project is continuously improving its security features and capabilities, which is a positive sign for the overall security posture of the application. As an application security engineer, I would recommend closely reviewing the upcoming documentation on the "Jans Lock" and "Cedarling" features to ensure that they are configured and used securely.

Files Changed:

  1. docs/admin/lock/lock-master.md: This file adds new content to the "Lock Master" documentation page, including an overview of the "Jans Lock" feature and instructions for community engagement. The metadata and tags suggest that the content is related to access control and authorization mechanisms within the Janssen Project.
  2. mkdocs.yml: This change adds two new pages to the navigation menu of the Janssen Project documentation: "Lock Master" and "Authorization Using Cedarling". These pages likely contain information about the Janssen Lock Master component and the Cedarling authorization system, respectively.
  3. docs/admin/lock/cedarling.md: This file introduces the Cedarling, a local, autonomous Policy Decision Point (PDP) that runs as a WebAssembly (WASM) component in the browser. The Cedarling is responsible for making fast, deterministic authorization decisions based on policies defined in the Cedar policy syntax.
  4. docs/admin/lock/README.md: This file provides an updated overview of the three key components in a Lock topology (Cedarling, Lock Master, and Agama Lab) and expands on the design goals and technical details of the Lock system, including the Policy Store and trusted issuer management.

Code Analysis

We ran 9 analyzers against 8 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
@moabu moabu changed the title docs: More Cedarling overview docs docs: more Cedarling overview docs Jul 22, 2024
@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Jul 22, 2024
@moabu moabu merged commit dfc910f into main Jul 22, 2024
11 checks passed
@moabu moabu deleted the mike-cedarling-docs branch July 22, 2024 08:29
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
* More Cedarling overview docs

* fix(docs): add links to navigation

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>

---------

Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: ossdhaval <343411+ossdhaval@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Former-commit-id: dfc910f