Page MenuHomePhabricator
Create Task
Maniphest T289579

<Security Initiative> P2P Proxy API
Closed, InvalidPublic5 Estimated Story PointsSecurity
Actions

Description

Request Type: Research
Request Title: P2P Proxy API

Request Description: We are talking with trust and safety about an access controlled APIs for spammy IP feeds provided by a vendor. We’d like to understand if we can leverage existing API frameworks for this. Could we get some of your time to talk about requirements and potential solutions?

Details:

  • Indicate Priority Level: Choose: Critical, High, Medium, Low
  • Main Requestors: Security (Scott Bassett), Toby
  • Ideal Delivery Date: <TBD>
  • Stakeholders: community, admins, security, trust & safety

Required Documents:

Related PHAB Tickets{T265845}
Product One Pager<add link here>
Product Requirements Document (PRD)<add link here>
Product Roadmap<add link here>

Optional Documents:

Product Planning Document (Business Case)<add link here>
Product Brief<add link here>
Other Links<add links here>

Details

Risk Rating
Low
Author Affiliation
WMF Product

Related Objects
Search...

StatusSubtypeAssignedTask
 InvalidSecurityNoneT289579 <Security Initiative> P2P Proxy API
Restricted Task

Event Timeline

DAbad created this task.Aug 24 2021, 3:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 24 2021, 3:35 PM
DAbad set the point value for this task to 5.Aug 24 2021, 3:35 PM
DAbad updated the task description. (Show Details)Aug 24 2021, 4:10 PM
sdkim updated the task description. (Show Details)Aug 24 2021, 4:11 PM
L235 subscribed.Aug 25 2021, 4:14 PM
stwalkerster subscribed.Aug 25 2021, 4:28 PM
MarioGom subscribed.Aug 25 2021, 4:35 PM
GeneralNotability subscribed.Aug 25 2021, 4:51 PM
Ameisenigel subscribed.Aug 25 2021, 5:49 PM
Firefly subscribed.Aug 25 2021, 7:04 PM
TheresNoTime subscribed.Aug 25 2021, 7:04 PM
Tamzin subscribed.Aug 25 2021, 7:08 PM
L235 set Security to Software security bug.Aug 25 2021, 7:09 PM
L235 added projects: Security, Security-Team.
L235 changed the visibility from "Public (No Login Required)" to "Custom Policy".
L235 changed the subtype of this task from "Task" to "Security Issue".

I'm going to make this a security-protected issue for now for the reasons given in T265845#7309052 as a precaution. If this was the wrong call please feel free to reverse, but I'd rather be safe than sorry.

L235 added a subscriber: Blablubbs.Aug 25 2021, 7:15 PM
Urbanecm subscribed.Aug 26 2021, 4:01 PM

Thanks @L235.

Tks4Fish subscribed.Aug 26 2021, 4:32 PM
Niharika updated the task description. (Show Details)Aug 28 2021, 12:27 AM
Niharika subscribed.
sbassett edited projects, added SecTeam-Processed; removed Security-Team.Aug 30 2021, 3:40 PM
sbassett subscribed.
DAbad changed the task status from Open to Stalled.Oct 14 2021, 3:08 PM
DAbad triaged this task as Medium priority.
DAbad moved this task from Investigate to Parking Lot (Reviewed but Not Prioritized) on the Foundational Technology Requests board.

Given the current priorities and scope of this request, after reviewing with Technology leadership this request has not been prioritized to be picked up this quarter.

The Steering Committee will periodically review for reprioritization.

sbassett added a comment.Oct 14 2021, 3:29 PM
In T289579#7428681, @DAbad wrote:

Given the current priorities and scope of this request, after reviewing with Technology leadership this request has not been prioritized to be picked up this quarter.

The Steering Committee will periodically review for reprioritization.

Ok, I think most of the related work for this has been moved to T290917 anyways, which is being actively worked upon by members of the Security-Team et al. So this task can likely be declined as invalid.

sbassett added a subscriber: STran.Nov 5 2021, 2:11 AM
DAbad renamed this task from <Research> P2P Proxy API to <Security Initiative> P2P Proxy API.Dec 8 2021, 9:29 PM
DAbad added a subtask: Restricted Task.Jan 4 2022, 8:31 PM
sbassett added a comment.Jan 4 2022, 9:35 PM

Just FYI, as mentioned within my previous comment, some progress has been made on this and related work within T290917 and its sub-tasks. We were extremely fortunate to have @STran as an engineering resource (via x-departmental collaboration and their choice in allocating their 20% time) this past quarter to further work on a sort of MVP for a centralized security API service, with a generic data feed product as its first API. I'm happy to debrief where we're at on these efforts and what a product roadmap could look like for this service.

Aklapper removed sdkim as the assignee of this task.Feb 6 2022, 8:02 PM
Aklapper added a subscriber: sdkim.

Removing inactive task assignee.

Reedy edited subscribers, added: SCherukuwada; removed: sdkim.Dec 9 2022, 2:19 PM
kostajh subscribed.Jul 4 2023, 5:27 AM
kostajh added a comment.EditedAug 24 2023, 7:19 AM

If I understand the task description correctly, this work is actively underway in iPoid-Service, see T339284: Deploy ipoid for progress on deployment. The first use case is displaying data in the IP Info extension, but further on, we can look at how other tooling in the ecosystem can access data provided by iPoid-Service.

I'd suggest declining or marking this task as a duplicate of T325147

sbassett closed this task as Invalid.Aug 24 2023, 4:07 PM
sbassett removed a project: Foundational Technology Requests.
In T289579#9115829, @kostajh wrote:

If I understand the task description correctly, this work is actively underway in iPoid-Service, see T339284: Deploy ipoid for progress on deployment. The first use case is displaying data in the IP Info extension, but further on, we can look at how other tooling in the ecosystem can access data provided by iPoid-Service.

I'd suggest declining or marking this task as a duplicate of T325147

+1 to declining or marking invalid. This task was essentially superseded by the proof-of-concept work that sprung out of T290917.

sbassett lowered the priority of this task from Medium to Low.Aug 24 2023, 4:07 PM
sbassett changed Author Affiliation from N/A to WMF Product.
sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".
sbassett changed Risk Rating from N/A to Low.
Johannnes89 subscribed.Apr 17 2024, 7:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL