-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathstandards.tex
23 lines (18 loc) · 1.17 KB
/
standards.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
\section{Design and Implementation Standards}\label{design-implementation-standards}
Standards have been adopted by the DM Change Control Board (CCB) that apply to
all component designs within the LSST DM System. Coding standards and the like
that are not pertinent to design may be found in the LSST DM Developer Guide
(\citep{DevGuide}).
\subsection{HTTPS Protocol}
In the absence of a specific technical justification and acceptance by the LSST
Information Security Officer and DM Change Control Board, all Web-enabled user
interfaces and Web services exposed to users and the public Internet will use
the HTTPS protocol and not the HTTP protocol. To reiterate: this is only a
default, and exceptions can be made when justified.
The covered interfaces include those of the three LSP Aspects (Portal,
JupyterLab, and Web APIs).
The requirement to implement data access policies limiting data access to
identified rights holders will require all, or nearly all, data access to be
authenticated provides a strong technical justification. In addition, it
appears to be appropriate "technical best practice" in the current Internet
environment, in the absence of good reasons to do otherwise.