Create “Allow List” system for public Binderhub service¶
Participate in the issue: github
Context¶
In the Product and Services MVP 2.0, we explored the concept of a 2i2c-run public binderhub service in the vein of mybinder.org which would allow interactive content shared by 2i2c member organizations to be launched on a small to medium binder.
Additionally, we envisioned an additional community-specific binder that would only launch content shared by members of that community.
What we need to do¶
Either of these use cases necessitate the creation of an allow list, and improvements to our current "magic link"content sharing system, that would
Encode information about the originating member organization within the “magic link” used to share interactive content
Index all new content shared by member communities
Allow our or the community’s binderhub service to compare such information against its own internal allow list to determine whether to launch the content.
Allow 2i2c to configure a binder’s allow list.
Automatically update the allow list of a public binder whenever a new member community is on-boarded by 2i2c.
It is understood that once a piece of content is successfully launched, any other arbitrary code can be run within that session - preventing this is out of the scope of this issue.
A sketch of how this might work can be found on this miro board
Further discussion can be found in this thread
Definition of Done¶
We can configure a binder to only launch content shared by communities we select.
The functionality is fully documented
We have communicated the availability of this feature to our communities
Status: Upcoming P&S initiatives
Back to: All Initiatives