Open Bug 1824207 Opened 2 years ago Updated 2 years ago

3rd party account management registration for Discord

Categories

(Cloud Services :: Security, task)

task

Tracking

(Not tracked)

People

(Reporter: couci, Assigned: u429623)

Details

(Whiteboard: [foxsec-IM-sam:tbd])

We are using the 3rd party service Discord, which requires accounts on their system for administration and/or usage of the service. Per the standard this bug identifies the accountable individuals for the service and the accounts:

Service Owner: kpapadea@mozilla.com
Service Account Manager: STAFF_LDAP (optional, defaults to owner)

This service is integrated with Mozilla IAM: NO
This service uses durable access keys assigned to individuals: NO
(If IAM is "yes", AND durable keys is "no", you are done. Please submit this bug as is.)

Because this service does not integrate with Mozilla IAM, we have established our own procedure as follows:

Responsible Director: bborrman@mozilla.com and iudom@mozilla.com
Service Account Manager Delegates: STAFF_LDAPS (optional)
URL to mana page with account management procedure: URL Example Procedure

A list of current users and durable access keys is maintained at: FILL_IN_ANSWER

We haven't opened the server yet, opening this bug for visibility.
MDN and Hubs also have their own servers. This is part of the Responsible AI challenge, so we would like to have the server up and running by the 30th.
We will of course take care of setting everything up, just wanted to notify the security team we are doing this.

Not sure if any other approvals are needed.

For more context here is the bug from MDN and Hubs: https://bugzilla.mozilla.org/show_bug.cgi?id=1771665

Adding Hal here in case we need to do anything else before we open the server

Flags: needinfo?(hwine)

Oops - I have to update the standards doc to point to the new location of the example

As you'll see, it's pretty straightforward. Feel free to ping hwine in slack with questions.

Assignee: nobody → hwine
Flags: needinfo?(hwine)
You need to log in before you can comment on or make changes to this bug.