stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
4e3e575db596a66f01b712f9504d762f2ef07ea2
git.stella-ops.org/docs/updates/2025-10-31-console-security-refresh.md
master 4e3e575db5 feat: Implement console session management with tenant and profile handling 
- Add ConsoleSessionStore for managing console session state including tenants, profile, and token information.
- Create OperatorContextService to manage operator context for orchestrator actions.
- Implement OperatorMetadataInterceptor to enrich HTTP requests with operator context metadata.
- Develop ConsoleProfileComponent to display user profile and session details, including tenant information and access tokens.
- Add corresponding HTML and SCSS for ConsoleProfileComponent to enhance UI presentation.
- Write unit tests for ConsoleProfileComponent to ensure correct rendering and functionality.
2025-10-28 09:59:09 +02:00

957 B
Raw Blame History

2025-10-31 — Console Security Docs Refresh

Summary

  • Documented the new Authority /console endpoints (/tenants, /profile, /token/introspect) including tenant header enforcement, DPoP requirements, and five-minute fresh-auth behaviour.
  • Reduced the default Authority access-token lifetime to 120 seconds to match OpTok guidance and updated tests accordingly.
  • Updated Console security guidance to cover the newly issued orch:read scope and clarified session inactivity expectations.
  • Annotated authority.yaml.sample and the Authority ops runbook so operators forward X-Stella-Tenant and understand fresh-auth prompts.

Impact

  • Console release notes now reference the dedicated /console endpoints and their audit identifiers.
  • Security Guild can rely on the updated compliance checklist when executing Sprint23 sign-off.
  • Deployment teams have explicit configuration reminders for tenants and orchestrator dashboard access.