Temporary sharing / reviewing sharing after certain time
Open, Low, Public

Description

Sharing right now is always eternal.

Someone with access to a login X gets perpetual access to whatever data is shared with them.

But sometimes logins expire, users delete accounts, and in some setups logins may even get re-used. There is no automatic clean-up at the moment. So a third party may take over such a dangling, perpetual access permission, resulting in a data leak.

But even if there is the same user with access: People rarely stay in the same position, with the same requirements for access, forever.

Case in point: On Google I still have access to calendars that I was given access to during a consultancy mandate in 2009. There is nothing harmful or dangerous in there, but still: No-one apparently thinks about cleaning up access permissions, ever.

So perhaps access permissions should be reviewed/renewed on a regular basis, or be provided only for a certain time by default.

Usability around this would need some thought, though.

Details

Ticket Type
Task
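
A sketch of the review the description asks for, added here as an illustration; it is not part of the ticket and not Kolab code. The `Grant` record, the `audit` function, the one-year review interval and all sample data are assumptions constructed for the example. It flags shares whose login is gone, whose login was re-created after the grant (the re-use case), that have passed an expiry date, or that nobody has confirmed within the review interval.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Grant:  # hypothetical record of one share
    folder: str
    login: str
    granted_at: datetime
    expires_at: Optional[datetime] = None   # None models today's "eternal" share
    reviewed_at: Optional[datetime] = None  # last time the owner confirmed it

def audit(grants, accounts, now, review_after=timedelta(days=365)):
    """Return (grant, finding) pairs; accounts maps login -> account creation time."""
    findings = []
    for g in grants:
        created = accounts.get(g.login)
        if created is None:
            findings.append((g, "dangling: login no longer exists"))
        elif created > g.granted_at:
            # The login exists, but the account behind it is newer than the share.
            findings.append((g, "re-used login: account is newer than the grant"))
        elif g.expires_at is not None and g.expires_at <= now:
            findings.append((g, "expired"))
        elif now - (g.reviewed_at or g.granted_at) > review_after:
            findings.append((g, "review due"))
    return findings

# Constructed sample data, not taken from any real system.
NOW = datetime(2016, 7, 26)
ACCOUNTS = {
    "alice": datetime(2008, 1, 1),
    "bob": datetime(2015, 6, 1),   # login re-created after the original holder left
    "dave": datetime(2014, 1, 1),
    "erin": datetime(2016, 1, 1),
}
GRANTS = [
    Grant("calendar/project", "alice", datetime(2009, 3, 1)),
    Grant("files/contracts", "bob", datetime(2012, 5, 1)),
    Grant("files/contracts", "carol", datetime(2013, 2, 1)),
    Grant("notes/handover", "dave", datetime(2016, 1, 1), expires_at=datetime(2016, 4, 1)),
    Grant("calendar/team", "erin", datetime(2016, 2, 1)),
]

def run_sample():
    return [(g.folder, g.login, why) for g, why in audit(GRANTS, ACCOUNTS, NOW)]

if __name__ == "__main__":
    for row in run_sample():
        print(*row, sep="\t")
```

Binding each grant to the account's creation time rather than to the login string alone is what separates the re-used login from the legitimate long-term user.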

Event Timeline

greve created this task. (Jul 26 2016, 9:31 AM)
hsmith added a subscriber: hsmith. (Jul 26 2016, 1:37 PM)

Hello @greve

First time poster, but a very happy Kolab Now customer :)

If you take a look at this link [JMAP google groups], this might add a little clarity, as it makes mention of cross-account object sharing. Refer to Neil's post where he said that the JMAP client would need to check for dangling IDs, but at the moment they are debating whether to include it in the spec.
https://groups.google.com/forum/#!topic/jmap-discuss/k2_EU4xwF_8

Hope this is helpful

Mr Roundcube @bruederli might be the man for this Task, given that Roundcube Next, and hopefully Kube will be JMAP-certified clients :)

vanmeeuwen raised the priority of this task from 20 to Low. (Mar 28 2019, 8:13 AM)