GitLab

The Use Case

A process wants to access data held in the Data Platform. It executes with a "system" identity, not an end user identity. We want to identify this system process and entitle it so that it can perform some operations and not perform others.

We need to provision some kind of identity credential that is provided to the development team so that they can put it in their applications. We also need to think about what kind of credential this is and how best it can be protected and stored long term.

We need to think about the lifecycle of application/system credentials. Creation, rotation, retiring, auditing, etc.

Need to determine an authentication strategy for system accounts that works with OAuth/OIDC, perhaps even SAML. This will likely require "profiling" the specifications so that system accounts authenticate in a secure manner.