diff --git a/xml/obs_ag_security_concepts.xml b/xml/obs_ag_security_concepts.xml index ea0d9148..77f40876 100644 --- a/xml/obs_ag_security_concepts.xml +++ b/xml/obs_ag_security_concepts.xml @@ -18,11 +18,11 @@ However, optional services to integrate remote resources exist as well. These resources are either mirrored and stored in revision control system or just cached. - + Frontend The API and web interface frontends is the only part which must be accessible from public network. A SSL/TLS certificate is highly recommended. - + Access to Mirror Servers The following services require access to stage servers. These servers can be used to publish content without the need to make &obs; server parts @@ -40,7 +40,7 @@ - + Access to the Public Network The following services may require access to the public network. @@ -67,14 +67,14 @@ - + Worker network It is recommended to run the &obs; workers in an isolated network. This is an additional security mechanism in case of a security breach on a worker. This network needs access to the source and repository servers of the &obs; backend, but nowhere else. - + Signer network It is recommended to run the signd on an isolated host. The signer services need to stay on the &obs; backend servers, they are just used for scheduling @@ -88,7 +88,7 @@ backend server components (source server and publisher). - + Build Environment The build environment is created by obsworker instances via the build script. Inside the build instances unverified and potentially harmful code is executed. @@ -112,7 +112,7 @@ source packages are rebuildable without root permissions. - + Source Revision System The source revision storage system is part of &obs;. The identification of sources still happens using MD5 sums for historic reasons. MD5 is considered to be still 
@@ -126,7 +126,7 @@ builds, but it should be avoided for base projects. - + Permission Handling Authorization for write operations is done via the maintainer role on package or project level. On project level the projects are organized in namespaces @@ -136,7 +136,7 @@ top level namespaces (for example, openSUSE: namespace in our reference instance). - + Signature Handling Signatures are used to proof the origin of a shipment independent of &obs; instance. Once the signd daemon has @@ -187,11 +187,11 @@ separated via network or virtualization mechanics. - + Public Zones Public zones are areas where any code under user control is running. - + External Network This can be the public Internet if the &obs; instance is a public @@ -201,7 +201,7 @@ connections to the Internet as described below. - + Untrusted Code All code which is used to build content is considered @@ -215,12 +215,12 @@ - + Demilitarized Zone (DMZ) The Demilitarized Zone contains services which interact with the public zone directly. - + &obs; Frontend The frontend service is the only service which provides an open port. @@ -230,7 +230,7 @@ the source server only. - + &obs; Frontend Background Services &obs; frontend background services handle less time critical operations. @@ -238,7 +238,7 @@ trackers, sending notifications or long running jobs. - + Stage Server The stage server is providing the public content of the &obs; backends. @@ -246,7 +246,7 @@ a mirror infrastructure. - + Cloud Uploader The cloud uploader is uploading build results on user request. It reads @@ -255,7 +255,7 @@ This is an optional service. - + Source Service Server The source service server is acting based on uploaded sources. The @@ -266,12 +266,12 @@ - + Internal Zone The internal zone is running service which are supposed to work without further external dependency. - + &obs; Source Server The source server coordinates changes to package and project configuration. 
@@ -281,7 +281,7 @@ There can only be a single source server per OBS install. - + &obs; Binary Servers Binary Servers are hosting all content of build results. They @@ -289,7 +289,7 @@ staging server. - + External Dependencies The internal zone has no external dependency. @@ -300,19 +300,19 @@ - + Worker Zone The &obs; workers are running in an own isolated network. They access only source and binary servers from internal zone. - + Signing Server The signing server is supposed to be the most isolated service. It is supposed to be stateless after initial setup. Avoid to enable any remote access. -
+
Trust Zones of &obs;
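Review bot: in the Frontend paragraph of the first hunk (@@ -18,11 +18,11 @@), the context line "The API and web interface frontends is the only part which must be accessible from public network. A SSL/TLS certificate is highly recommended." has a subject-verb mismatch and a missing article; since the surrounding lines are being touched, change it to "The API and web interface frontends are the only parts which must be accessible from the public network. An SSL/TLS certificate is highly recommended."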
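Review bot: in the Signature Handling hunk (@@ -136,7 +136,7 @@), "Signatures are used to proof the origin of a shipment" should read "prove the origin", and "independent of &obs; instance" reads better as "independent of the &obs; instance".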
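Review bot: in the Internal Zone hunk (@@ -266,12 +266,12 @@), "The internal zone is running service which are supposed to work without further external dependency" mixes singular and plural; change it to "The internal zone runs services which are supposed to work without further external dependencies."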
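Review bot: in the Worker Zone / Signing Server hunk (@@ -300,19 +300,19 @@), "The &obs; workers are running in an own isolated network" should be "in their own isolated network", and "Avoid to enable any remote access" should be "Avoid enabling any remote access"; the rest of that paragraph (isolated, stateless after initial setup) is the key hardening statement for the signer and reads correctly.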
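Review bot: the removed and added lines of every hunk render as bare "-" / "+" pairs in this view, so the actual markup change to each section element is not reviewable here; the only visible added text is "Trust Zones of &obs;" in the final hunk. Please confirm in the raw XML that each replaced element keeps its identifier unchanged (or that every cross-reference to a renamed id is updated in the same commit), since other parts of the guide may link to these sections.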