Secure Management of IOOS GitHub Organization

 
IOOS GitHub Organization & Q/A
 
DMAC Meeting 2017
 
IOOS GitHub Organization
 
47 Organization Members
9 Outside Collaborators
81 Repositories
18 Teams
6 Organization Owners
9 Members with 2FA
 
Current Privileges:
Members cannot create new repos
Default member repo permission: None
Require 2 factor authentication: No
 
Great, why is that all a problem?
 
Organization members can:
create new teams
become team maintainer
Teams or Members with Admin permissions to a repository can:
delete the repository
add or remove outside collaborators from a repository
transfer repositories into and out of the organization
add that repository to any team they belong to
change repository settings (webhooks, deploy keys, integrations, etc)
Team Maintainers can:
add organization members to a team
add repository access (Admin, R, W) to the team (if they have Admin access to the repository)
re-instate former organization members
promote an existing member to team maintainer
 
Safeguards currently in place
 
Members cannot create new repositories
Members do not have any default repository permissions
Only Org Owners can invite new members to the organization
Only Org Owners can assign Admin permissions for a Member or Team to a repository
 
What are the risks?
 
Repository Admin privileges assigned to any Teams and Outside Collaborators mean:
Any of these are able to delete our repositories
Any of these can add additional outside collaborators to a repository and give them Admin privileges to that repo (then, see previous bullet)
Any of these can modify repository settings to enable third party integrations, web hooks, or deploy keys (which can circumvent role based security protections at any time thereafter)
 
We need to keep in mind the possibility of a change in our ability to use GitHub
 
Path forward for managing IOOS GitHub
 
Question: how can we keep the IOOS GitHub Organization secure while minimizing the overhead to manage it and still allow contributors to contribute?
 
Proposal
 
Remove Admin privileges to repositories from all teams/outside collaborators
What this means:
Repository Admin privileges are restricted to IOOS Organization Owners only
Allow teams to grow/manage themselves freely within the organization (but without Admin rights)
Organization Owners would be needed to assign repository access to teams or outside collaborators, as well as manage all individual repository settings (integrations, deploy keys, etc)
This is the only way to assure that the power to delete repositories is given only to Owners, and can't grow as members are added to teams with Admin privileges to repositories
 
Other Considerations
 
Decide what is the definition of an IOOS Organization 'Member' on GitHub: any thoughts?
Any existing members who don't fit the definition must be moved to outside collaborator, or have commit privileges removed so they must follow the GitHub PR workflow
2 factor authentication enforcement?
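The "What are the risks?", "Proposal" and 2FA slides above describe checks an Owner would want to run before and after the change: which teams and outside collaborators currently hold Admin on a repository, what it would take to reduce each of those grants, and who can still act without 2FA. The following Python audit is an added example, not code from the deck or from IOOS. The organization name, the people and the repository data are constructed to mirror the shape of the GitHub REST API responses (/repos/{org}/{repo}/teams, /repos/{org}/{repo}/collaborators?affiliation=outside, /orgs/{org}/members?filter=2fa_disabled); downgrading Admin to Write ("push" in the API) is an assumption, since the deck only says Admin must be removed. The dry-run plan only lists the API calls; it does not execute them.

```python
"""Audit non-Owner Admin grants and 2FA coverage in a GitHub organization.

Added example (not the deck's code). SAMPLE_ORG is constructed data shaped
like the REST API responses; fetch_org_data() builds the same structure live.
"""
import json
import urllib.request

GITHUB_API = "https://api.github.com"

# Constructed sample: "example-org" is a placeholder, not the IOOS organization.
SAMPLE_ORG = {
    "org": "example-org",
    "owners": ["owner-alice", "owner-bob"],
    # Result of /orgs/{org}/members?filter=2fa_disabled (Owner-only query).
    "members_without_2fa": ["owner-bob", "dev-carol"],
    "repos": [
        {
            "name": "data-catalog",
            # /repos/{org}/{repo}/teams: each team object carries "permission".
            "teams": [
                {"slug": "catalog-maintainers", "permission": "admin"},
                {"slug": "ra-contributors", "permission": "push"},
            ],
            # /repos/{org}/{repo}/collaborators?affiliation=outside
            "outside_collaborators": [
                {"login": "ext-erin", "permissions": {"admin": True, "push": True, "pull": True}},
            ],
        },
        {
            "name": "docs",
            "teams": [{"slug": "docs-team", "permission": "pull"}],
            "outside_collaborators": [
                {"login": "ext-frank", "permissions": {"admin": False, "push": True, "pull": True}},
            ],
        },
    ],
}


def find_admin_grants(org_data):
    """Every Admin grant held by a team or outside collaborator: (repo, kind, grantee).

    These are exactly the grants the deck's risk slide is about: each one can
    delete the repo, add further Admins, or change webhooks/deploy keys.
    """
    findings = []
    for repo in org_data["repos"]:
        for team in repo["teams"]:
            if team["permission"] == "admin":
                findings.append((repo["name"], "team", team["slug"]))
        for collab in repo["outside_collaborators"]:
            if collab["permissions"].get("admin"):
                findings.append((repo["name"], "outside_collaborator", collab["login"]))
    return findings


def plan_downgrades(org_data, replacement="push"):
    """Dry-run plan: the REST calls that would reduce each Admin grant to `replacement`.

    "push" is the API name for Write; choosing Write as the replacement is an
    assumption. Nothing here is sent to GitHub.
    """
    org = org_data["org"]
    plan = []
    for repo, kind, who in find_admin_grants(org_data):
        if kind == "team":
            path = f"/orgs/{org}/teams/{who}/repos/{org}/{repo}"
        else:
            path = f"/repos/{org}/{repo}/collaborators/{who}"
        plan.append(("PUT", path, {"permission": replacement}))
    return plan


def two_factor_gap(org_data):
    """Who can act without 2FA; Owners without it are listed separately as highest risk."""
    missing = set(org_data["members_without_2fa"])
    return {
        "owners_without_2fa": sorted(missing & set(org_data["owners"])),
        "members_without_2fa": sorted(missing),
    }


def fetch_org_data(org, token):
    """Live equivalent of SAMPLE_ORG (requires an Owner token; no pagination handling)."""
    def get(path):
        req = urllib.request.Request(
            GITHUB_API + path,
            headers={"Authorization": f"token {token}", "Accept": "application/vnd.github.v3+json"},
        )
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)

    repos = []
    for r in get(f"/orgs/{org}/repos?per_page=100"):
        repos.append({
            "name": r["name"],
            "teams": get(f"/repos/{org}/{r['name']}/teams"),
            "outside_collaborators": get(f"/repos/{org}/{r['name']}/collaborators?affiliation=outside"),
        })
    return {
        "org": org,
        "owners": [m["login"] for m in get(f"/orgs/{org}/members?role=admin")],
        "members_without_2fa": [m["login"] for m in get(f"/orgs/{org}/members?filter=2fa_disabled")],
        "repos": repos,
    }


if __name__ == "__main__":
    for finding in find_admin_grants(SAMPLE_ORG):
        print("ADMIN GRANT:", finding)
    for call in plan_downgrades(SAMPLE_ORG):
        print("PLAN:", *call)
    print("2FA:", two_factor_gap(SAMPLE_ORG))
```

Run against the sample, the audit reports the two Admin grants on data-catalog (one team, one outside collaborator), proposes two PUT calls to replace them with Write, and flags owner-bob as an Owner without 2FA. Re-running it after the proposal is applied should return an empty grant list; any new entry means Admin has crept back in through a team or collaborator setting.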
 
DMAC Webinar Topics
 
What topics would you like to hear about and how to collect ideas?
Benefits or success stories from certifications?
Stories of RAs diversifying their data management funding from other agencies?
Topic ideas: email micah.wengren@noaa.gov
 
 
 
DMAC Meeting Feedback
 
Thoughts?
3 day DMAC meeting pros/cons?
 
GitHub Teams
 
Reference:
Team permissions: https://help.github.com/articles/permission-levels-for-an-organization/
Repository permissions: https://help.github.com/articles/repository-permission-levels-for-an-organization/
Team maintainer repo permissions: https://help.github.com/articles/managing-team-access-to-an-organization-repository/