VRE Backend API and Scheduler
Broker/SECURITY.md

Research Workspace Broker - Security

This document explains which security measures are in place and how to report a security problem to the developers.

Authentication

To log in as a researcher, you need a SurfConext account, which should be provided by the university where you work. The VRE Broker therefore neither knows nor stores a researcher's password, and password changes are made in the university account settings.

SurfConext authentication is multi-factor.

Login sessions

When the researcher is logged in, the session stays active as long as the browser window is open. When the browser is closed, the login session is terminated and a new login is enforced.

Special users

A few special users can log in without using SurfConext. These are special system accounts, for example a Django admin user or a user for VRW integration. They are used mainly for machine-to-machine communication.

Encryption

Integrating with external services can require storing sensitive data such as passwords or security tokens. All such sensitive information is stored encrypted in the database, using the following settings: https://django-cryptography.readthedocs.io/en/latest/settings.html
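
The "Login sessions" and "Encryption" sections above can be checked mechanically against a deployment's settings. The following is an added example, not code from the Broker project: `audit_settings` and the sample dictionaries are hypothetical, and the policy that field encryption uses its own key and salt rather than the django-cryptography fallbacks is an assumption of this example.

```python
"""Added example: audit a Django settings mapping against this document."""

# Salt used by django-cryptography when CRYPTOGRAPHY_SALT is not set.
DEFAULT_SALT = "django-cryptography"


def audit_settings(settings):
    """Return (setting_name, finding) tuples; an empty list means no findings."""
    findings = []

    # Login sessions: Django only ends the session on browser close when this
    # is True (its default is False, i.e. a persistent session cookie).
    if settings.get("SESSION_EXPIRE_AT_BROWSER_CLOSE") is not True:
        findings.append(("SESSION_EXPIRE_AT_BROWSER_CLOSE",
                         "session survives closing the browser"))

    # Encryption: with no CRYPTOGRAPHY_KEY, django-cryptography derives the
    # field-encryption key from SECRET_KEY, coupling stored secrets to it.
    key = settings.get("CRYPTOGRAPHY_KEY")
    if not key:
        findings.append(("CRYPTOGRAPHY_KEY",
                         "unset, key is derived from SECRET_KEY"))
    elif key == settings.get("SECRET_KEY"):
        findings.append(("CRYPTOGRAPHY_KEY", "same value as SECRET_KEY"))

    if settings.get("CRYPTOGRAPHY_SALT", DEFAULT_SALT) == DEFAULT_SALT:
        findings.append(("CRYPTOGRAPHY_SALT", "library default salt in use"))

    return findings


# Constructed sample settings, not taken from any real deployment.
WEAK = {"SECRET_KEY": "constructed-secret"}
HARDENED = {
    "SECRET_KEY": "constructed-secret",
    "SESSION_EXPIRE_AT_BROWSER_CLOSE": True,
    "CRYPTOGRAPHY_KEY": "constructed-field-key",
    "CRYPTOGRAPHY_SALT": "constructed-salt",
}
REUSED_KEY = dict(HARDENED, CRYPTOGRAPHY_KEY=HARDENED["SECRET_KEY"])

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED),
                       ("reused key", REUSED_KEY)):
        print(label, audit_settings(cfg))
```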