Security audit of v2

[soniasantiago]

As part of T3.3 a security audit must be carried out. This audit should be applied to as many AIoD services as possible. In the past edition it was applied to the Metadata Catalogue API and the AI Builder.

We have contacted our colleagues at ITI in charge of this and they estimate they could do this by end of November or beginning of December. However, they availability is limited and won't be able to audit all services.

Thus, we would need to prioritise only a few of them. We assume that the most relevant one is the AIoD REST API and all its associated components.

[soniasantiago]

The idea is to start with the REST API and then test either the MCE or the AI Catalogue, depending on the available time.
The security audit will be performed on testing environment. Note that during the security audit services might be affected disrupting their normal functionality or even erase data. Thus, we would need confirmation @joaquinvanschoren that we can use the testing environments for that.

So far, these are the testing instances that could be used:

• REST API: instance deployed at UCC: https://aiod.insight-centre.org/docs
• AI Catalogue: instance deployed at ITI: https://catalogue-aiod-dev.iti.es/resources
• MCE: the one to be deployed at UCC? (If deployment is not too complex, perhaps we can deploy another instance at ITI)

[soniasantiago]

Security audit work probably starting next week, at the earliest.
Results will be provided most likely in January.

Security audit will finally be performed in service instances deployed in ITI testing environment to avoid any undesirable interferences.