Secure Management of IOOS GitHub Organization

Slide Note
Embed
Share

Safeguarding the IOOS GitHub Organization involves ensuring proper permissions and access controls for members, teams, and collaborators. Risks include unauthorized deletion of repositories and potential security vulnerabilities. The path forward includes implementing security measures to protect the organization while facilitating contributions from authorized users.

tanvi
tanvi Follow

Uploaded on Aug 19, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. IOOS GitHub Organization & Q/A DMAC Meeting 2017

  2. IOOS GitHub Organization 47 Organization Members 9 Outside Collaborators 81 Repositories 18 Teams 6 Organization Owners 9 Members with 2FA Current Privileges: Members cannot create new repos Default member repo permission: None Require 2 factor authentication: No

  3. Great, why is that all a problem? Organization members can: create new teams become team maintainer Teams or Members with Admin permissions to a repository can: delete the repository add or remove outside collaborators from a repository transfer repositories into and out of the organization add that repository to any team they belong to change repository settings (webhooks, deploy keys, integrations, etc) Team Maintainers can: add organization members to a team add repository access (Admin, R, W) to the team (if they have Admin access to the repository) re-instate former organization members promote an existing member to team maintainer

  4. Safeguards currently in place Members cannot create new repositories Members do not have any default repository permissions Only Org Owners can invite new members to the organization Only Org Owners can assign Admin permissions for a Member or Team to a repository

  5. What are the risks? Repository Admin privileges assigned to any Teams and Outside Collaborators mean: Any of these are able to delete our repositories Any of these can add additional outside collaborators to a repository and give them Admin privileges to that repo (then, see previous bullet) Any of these can modify repository settings to enable third party integrations, web hooks, or deploy keys (which can circumvent role based security protections at any time thereafter) We need to keep in mind the possibility of a change in our ability to use GitHub

  6. Path forward for managing IOOS GitHub Question: how can we keep IOOS GitHub Organization secure while minimizing overhead to manage it and allow contributors to contribute?

  7. Proposal Remove Admin privileges to repositories from all teams/outside collaborators What this means: Repository Admin privileges are restricted to IOOS Organization Owners only Allow teams to grow/manage themselves freely within organization (but without Admin rights) Organization Owners would be needed to assign repository access to teams or outside collaborators, as well as manage all individual repository settings (integrations, deploy keys, etc) This is the only way to assure that the power to delete repositories is given only to Owners, and can t grow as members are added to teams with Admin privileges to repositories

  8. Other Considerations Decide what is the definition of an IOOS Organization Member on GitHub: any thoughts? Any existing members who don t fit the definition must be moved to outside collaborator, or commit privileges removed so they must follow the GitHub PR workflow 2 factor authentication enforcement?

  9. DMAC Webinar Topics What topics would you like to hear about and how to collect ideas? Benefits or success stories from certifications? Stories of RAs diversifying their data management funding from other agencies? Topic ideas: email micah.wengren@noaa.gov

  10. DMAC Meeting Feedback Thoughts? 3 day DMAC meeting pros/cons?

  11. GitHub Teams Reference: Team permissions: https://help.github.com/articles/permission-levels-for-an- organization/ Repository permissions: https://help.github.com/articles/repository-permission- levels-for-an-organization/ Team maintainer repo permissions: https://help.github.com/articles/managing- team-access-to-an-organization-repository/

Related


Getting Started with GitHub Desktop for Version Control

Getting Started with GitHub Desktop for Version Control

avagrace
Diversity, Equity, Inclusion, and Accessibility in IOOS: Fellowship Progress and Planning

Diversity, Equity, Inclusion, and Accessibility in IOOS: Fellowship Progress and Planning

quan_ie
U.S. IOOS Advisory Committee Overview

U.S. IOOS Advisory Committee Overview

onyx_41
Comprehensive Overview of Git and GitHub for CS 4411 Spring 2020

Comprehensive Overview of Git and GitHub for CS 4411 Spring 2020

cull_372
Understanding Github Status and Future Plans in the COSMO Consortium

Understanding Github Status and Future Plans in the COSMO Consortium

maydel
GitHub and Arduino: A Guide to Posting, Downloading, and Uploading Code

GitHub and Arduino: A Guide to Posting, Downloading, and Uploading Code

tmerc
Master Version Control with GitHub in Computer Science 209.1

Master Version Control with GitHub in Computer Science 209.1

lstil
Understanding Version Control with Git: A Comprehensive Overview

Understanding Version Control with Git: A Comprehensive Overview

richie
Let's Git Going: Distributing Tools Online and Other News

Let's Git Going: Distributing Tools Online and Other News

kkerr
Contributing to Open Source PowerShell Projects Guide

Contributing to Open Source PowerShell Projects Guide

plac_zzy
Updates from CCSDS Fall 2022 Toulouse Meetings

Updates from CCSDS Fall 2022 Toulouse Meetings

barsh
GitHub Essentials: Creating Repositories, Branches, and Pull Requests

GitHub Essentials: Creating Repositories, Branches, and Pull Requests

antavi
Digital Platforms for Scholarly Engagement in Astrophysics and Data Science

Digital Platforms for Scholarly Engagement in Astrophysics and Data Science

ccroy
Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

Tamper-Evident Pairing (TEP) Protocol for Secure Wireless Pairing Without Passwords

quer_sna
Streamlining Data Submission and Tracking for Glider Data Assembly Center

Streamlining Data Submission and Tracking for Glider Data Assembly Center

sheyi
Web Camera Applications Testbed Project Overview

Web Camera Applications Testbed Project Overview

pol_nze
Quality Assurance/Quality Control of Real-Time Oceanographic Data: Five-Year Plan Update 2022-2026

Quality Assurance/Quality Control of Real-Time Oceanographic Data: Five-Year Plan Update 2022-2026

tava_2
Understanding Computer Organization and Memory Management

Understanding Computer Organization and Memory Management

vfein
Understanding Secure Act 2.0 Key Provisions

Understanding Secure Act 2.0 Key Provisions

argus
Introduction to SFTP & PGP Encryption for Secure Data Transfer

Introduction to SFTP & PGP Encryption for Secure Data Transfer

bunty
Ensuring Secure Testing Environments in Oregon Education System

Ensuring Secure Testing Environments in Oregon Education System

kate
Secure Computation Techniques in RAM Models with Efficient Automation

Secure Computation Techniques in RAM Models with Efficient Automation

terence
Actively Secure Arithmetic Computation and VOLE Study

Actively Secure Arithmetic Computation and VOLE Study

cayal
Accessing and Utilizing CPCSSN Secure Research Environment (SRE)

Accessing and Utilizing CPCSSN Secure Research Environment (SRE)

hodgins_c

More Related Content