[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (ODATA-301) Guidance around data authorization model and secure authenticated access to an OData Service
[ http://tools.oasis-open.org/issues/browse/ODATA-301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ralf Handl updated ODATA-301: ----------------------------- Fix Version/s: V4.0_CSD02 (was: V4.0_CSD01) > Guidance around data authorization model and secure authenticated access to an OData Service > -------------------------------------------------------------------------------------------- > > Key: ODATA-301 > URL: http://tools.oasis-open.org/issues/browse/ODATA-301 > Project: OASIS Open Data Protocol (OData) TC > Issue Type: Improvement > Components: OData Protocol > Affects Versions: V4.0_CSD01 > Environment: [Applied] > Reporter: Ralf Handl > Assignee: Martin Zurmuehl > Fix For: V4.0_CSD02 > > > For interoperability it is highly desirable to define common minimum set of authentication methods, e.g. if a service requires authentication, it MUST accept basic authentication over HTTPS in addition to whatever else it chooses. > For data authorization we give guidance whether the data model may depend on the authenticated user, only the data content. It puts a higher burden on clients if properties or entity sets appear in or disappear from the model depending on the authenticated user, requiring to always first interpret $metadata, or if only the data content depends on it, i.e. entities show up or not, nullable properties appear to be null or contain confidential information. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]