...

  • The Security Architecture includes:
    • Secure Communication:
      • Certificate Management: Create and deploy certificates for secure network communication between products.
      • Life Cycle Management: Create, update and delete certificates and deploy changes to products.
    • Secure Configuration:
      • Configurations include workflows, jobs and related objects.
      • These objects are digitally signed and deployed by a responsible person.
    • Secure Operation:
      • Access Management: Authentication and authorization via LDAP, OIDC, FIDO2 etc.
      • Credential Management: Use of a Credential Store for confidential data.
  • Wording
    • The term Deployment applies when a configuration is transferred from JOC Cockpit to a Controller and Agents.
    • The term Roll-out applies when a configuration is transferred between environments, for example from non-production to production environments. Within the respective target environment, a Deployment is performed to transfer configuration objects to Controllers and Agents.

...

  • Access Management includes access to JOC Cockpit and to the REST Web Service. This applies both to users who access the JOC Cockpit GUI and to scripts and applications that directly access the REST Web Service.
  • The Controller is assumed not to be accessed by users directly but exclusively via the JOC Cockpit REST Web Service. No default authentication is provided if the insecure HTTP protocol is used.
  • Agents are assumed not to be accessed by users directly but exclusively by a Controller. No default authentication is provided if the insecure HTTP protocol is used.

Access to JOC Cockpit is subject to authentication and authorization. 

JOC Cockpit implements a number of JS7 - Identity Services:

  • Identity Services with built-in support for local user management, LDAP, OIDC, FIDO2
  • Identity Services for use with external Identity Providers such as Keycloak®, HashiCorp® Vault

JOC Cockpit offers Role Based Access Management (see JS7 - Authorization):

  • Permissions for operations in the GUI and in the JS7 REST Web Service can freely be grouped to roles.
  • Users are assigned roles.

Credential Management

  • Users frequently ask if JobScheduler can encrypt credentials. The answer is "no", as it makes no sense for Open Source software to handle a symmetric key.
  • There is only one way to handle passwords: not to use them.

...