[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] (COEL-26) RPE security analysis suggests MMI & PQI should have seperate access creds
[ https://issues.oasis-open.org/browse/COEL-26?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=61598#comment-61598 ] Joss Langford commented on COEL-26: ----------------------------------- This is the write-up of the discussion on 12th Jan now including David’s comment. I reviewed the sequence of use for the PQI and MMI. Although only MMI is need to set-up Operators, Consumers and Devices, it is likely that both will needed during the provision of services – often called one after the other. It seems probable that any action that leads to the disclosure of credentials will impact both even if they had separate logins. So I don’t think this is the best route forward. The actions with the 2 documents can be classified into: Low risk Accept information Medium risk Disclosing information High risk Destroying information We have already have a concession for low risk operations to allow the transaction without credentials. I suggest the medium risk operations remain as they are and we define an additional security level that is added to high risk operations. Low risk BAP: POST /atoms MMI: POST /service-provider/operator MMI: POST /operator/consumer MMI: POST /operator/device Medium risk BAP: GET /home PQI: POST /query PQI: POST /segment MMI: GET /service-provider/operators MMI: POST /service-provider/consumers IDA: POST /Validation IDA: POST /PseudonymousKey IDA: POST /PseudonymousKeyBatch High risk MMI: POST /operator/forget MMI: POST /operator/reasignDevice MMI: POST /service-provider/renameOperator > RPE security analysis suggests MMI & PQI should have seperate access creds > -------------------------------------------------------------------------- > > Key: COEL-26 > URL: https://issues.oasis-open.org/browse/COEL-26 > Project: OASIS Classification of Everyday Living (COEL) TC > Issue Type: Bug > Reporter: Joss Langford > Assignee: Joss Langford > -- This message was sent by Atlassian JIRA (v6.2.2#6258)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]