Most packaging technologies offer a solution for private repositories. These give enterprises and other users some degree of access control by defining “users” and grouping them into “teams” or “organizations”, and then assigning them “permissions” in one form or another. But is this enough?
Private repositories may provide a solution for distribution and access control within an organization, but they do not provide a commercial solution for external distribution. It’s impractical to have to define your customers and contacts as part of your own organization in order to give them access to components you want to distribute to them commercially. This is where Bintray steps in.
Bintray takes security to the next level, offering fine-grained access control that other private repositories do not provide.
As a first layer of security, Bintray defines Organizations, for which you can define three levels of membership: Owner, Administrator and Member, each with a correspondingly different set of privileges.
Teams and permissions come into play once you define a repository as “Private”. Only users who are members of teams can access private repositories according to their team’s level of access.
Organizations, teams and permissions provide adequate access control for registered Bintray users, who are usually within the same commercial organization. But when you want to provide access to someone outside of your organization, you need more.
With the URL signing API, you can specify which file you want to distribute as well as an optional expiry date for the signed URL. This is a convenient way to distribute files from a private repository to users who do not have general access, or even to users who do not have a Bintray account at all, without exposing any other content in that repository. An additional benefit is that signed URLs authenticate you as the distributor of the file.
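The properties described above (one file, an optional expiry, nothing else in the repository exposed) can be seen in a generic HMAC-based signed-URL scheme. This is an added example, not Bintray's API or implementation; `SECRET`, `sign_url`, `verify_url`, `swap_path`, the query parameter names and the file paths are all hypothetical.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption); a real service keeps its key server-side.
SECRET = b"constructed-demo-secret"

def _mac(path, expires, secret):
    # The MAC binds the exact file path and the expiry (empty when none),
    # so neither can be changed without invalidating the signature.
    return hmac.new(secret, f"{path}\n{expires}".encode(), hashlib.sha256).hexdigest()

def sign_url(path, expires=None, secret=SECRET):
    """Return a URL for one file with an optional Unix-time expiry."""
    params = {}
    if expires is not None:
        params["expires"] = str(int(expires))
    params["sig"] = _mac(path, params.get("expires", ""), secret)
    return f"{path}?{urlencode(params)}"

def verify_url(url, now=None, secret=SECRET):
    """Return (ok, reason) for a presented URL."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    sig = query.get("sig", [""])[0]
    expires = query.get("expires", [""])[0]
    expected = _mac(parts.path, expires, secret)
    # Verify the signature before trusting the expiry value it covers.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False, "bad signature"
    if expires and now > int(expires):
        return False, "expired"
    return True, "ok"

def swap_path(url, new_path):
    """Reuse a URL's query string on a different file (should not verify)."""
    return f"{new_path}?{urlsplit(url).query}"

if __name__ == "__main__":
    # Constructed sample path, not a real repository.
    url = sign_url("/acme/private-repo/tool-1.2.0.tgz", expires=2000)
    print(verify_url(url, now=1000))
    print(verify_url(url, now=3000))
    print(verify_url(swap_path(url, "/acme/private-repo/secret.tgz"), now=1000))
```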
Entitlements and Access Keys give you even greater flexibility with access privileges, letting you provide access control at any level, from a complete repository down to a single file within a repository.
Organizations, teams and permissions put Bintray on a par with any private repository implementation offered by different software packaging systems. Signed URLs, entitlements and access keys take security and privacy well beyond that, providing fine-grained access control over any resource in your private repositories – from the level of a whole repository down to a single file.