Subject: Re: [odata] [OASIS Issue Tracker] Commented: (ODATA-301) Guidance around data authorization model and secure authenticated access to an OData Service
"""**move** to close ODATA-34, ODATA-48, ODATA-144, ODATA-192, ODATA-223, ODATA-224, ODATA-239, ODATA-240, ODATA-286, ODATA-298, ODATA-301, ODATA-323, ODATA-326, ODATA-330, ODATA-331, ODATA-332, ODATA-334, ODATA-335, ODATA-336, ODATA-337, ODATA-339, ODATA-340, ODATA-341, ODATA-342, ODATA-343, ODATA-345, ODATA-347, ODATA-350, ODATA-352, ODATA-353, ODATA-354, ODATA-355, ODATA-356, ODATA-357, ODATA-358, ODATA-359, ODATA-360, ODATA-361, and ODATA-363 as applied.
"""after the editors will have pointed out all "[...] issues where they had problems with applying"
:-)

All the best,
Stefan.

On 01.05.13 09:39, OASIS Issues Tracker wrote:
[ http://tools.oasis-open.org/issues/browse/ODATA-301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33256#action_33256 ]

Hubert Heijkers commented on ODATA-301:
---------------------------------------

Since we accepted this issue we changed conformance level names. I trust you add the requirement for basic authentication to the now 'Advanced' conformance level?

Also I'm not convinced that a client MUST support this to be an interoperable client.

Guidance around data authorization model and secure authenticated access to an OData Service
--------------------------------------------------------------------------------------------

Key: ODATA-301
URL: http://tools.oasis-open.org/issues/browse/ODATA-301
Project: OASIS Open Data Protocol (OData) TC
Issue Type: Improvement
Components: OData Protocol
Affects Versions: V4.0_CSD01
Environment: [Applied]
Reporter: Ralf Handl
Assignee: Martin Zurmuehl
Fix For: V4.0_CSD01

For interoperability it is highly desirable to define a common minimum set of authentication methods, e.g. if a service requires authentication, it MUST accept basic authentication over HTTPS in addition to whatever else it chooses.

For data authorization we give guidance whether the data model may depend on the authenticated user, only the data content. It puts a higher burden on clients if properties or entity sets appear in or disappear from the model depending on the authenticated user, requiring to always first interpret $metadata, or if only the data content depends on it, i.e. entities show up or not, nullable properties appear to be null or contain confidential information.