( This email involves a general question to the infosec team as well as a specific question spawned from that general question for the IAM project )
The “Second Opinion” system I’m building for the IAM project provides a second opinion on a given users identity and authorization so that a compromise of auth0 or LDAP or an IAM administrators account does not compromise a website using the second opinion model.
For this to work we need to ensure that no single administrator (e.g. infosec team member) has rights in both the Auth0/LDAP/CIS system and the second-opinion system.
Question for infosec :I know there are some other areas where we intentionally have some team members with some rights and others without those same rights to create separation. What are those examples? I’d like to document them.
Question for IAM project (and infosec) I think for at least the time being I’ll need to administer the second opinion system while we get some experience under our collective belts. Given that I think I need to relinquish my rights that relate to Auth0 administration, and anything else that I could escalate into the ability to modify LDAP or any of those systems. Do we have enough auth0 admins without me or should we promote someone else? Is there any problem with me relinquishing these rights now?