stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity
Files
b0e56fa608f25fe94baecfdc7c396c84d1bc3cc5
git.stella-ops.org/docs/updates/2025-10-31-console-security-refresh.md
master b0e56fa608
Some checks failed
Docs CI / lint-and-preview (push) Has been cancelled
Details
up
2025-10-28 09:58:55 +02:00

12 lines
957 B
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 2025-10-31 — Console Security Docs Refresh
## Summary
- Documented the new Authority `/console` endpoints (`/tenants`, `/profile`, `/token/introspect`) including tenant header enforcement, DPoP requirements, and five-minute fresh-auth behaviour.
- Reduced the default Authority access-token lifetime to 120 seconds to match OpTok guidance and updated tests accordingly.
- Updated Console security guidance to cover the newly issued `orch:read` scope and clarified session inactivity expectations.
- Annotated `authority.yaml.sample` and the Authority ops runbook so operators forward `X-Stella-Tenant` and understand fresh-auth prompts.
## Impact
- Console release notes now reference the dedicated `/console` endpoints and their audit identifiers.
- Security Guild can rely on the updated compliance checklist when executing Sprint23 sign-off.
- Deployment teams have explicit configuration reminders for tenants and orchestrator dashboard access.
Reference in New Issue View Git Blame Copy Permalink