[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [OASIS Issue Tracker] Updated: (ODATA-301) Guidance around data authorization model and secure authenticated access to an OData Service
[ http://tools.oasis-open.org/issues/browse/ODATA-301?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ralf Handl updated ODATA-301:
-----------------------------
Fix Version/s: V4.0_CSD02
(was: V4.0_CSD01)
> Guidance around data authorization model and secure authenticated access to an OData Service
> --------------------------------------------------------------------------------------------
>
> Key: ODATA-301
> URL: http://tools.oasis-open.org/issues/browse/ODATA-301
> Project: OASIS Open Data Protocol (OData) TC
> Issue Type: Improvement
> Components: OData Protocol
> Affects Versions: V4.0_CSD01
> Environment: [Applied]
> Reporter: Ralf Handl
> Assignee: Martin Zurmuehl
> Fix For: V4.0_CSD02
>
>
> For interoperability it is highly desirable to define common minimum set of authentication methods, e.g. if a service requires authentication, it MUST accept basic authentication over HTTPS in addition to whatever else it chooses.
> For data authorization we give guidance whether the data model may depend on the authenticated user, only the data content. It puts a higher burden on clients if properties or entity sets appear in or disappear from the model depending on the authenticated user, requiring to always first interpret $metadata, or if only the data content depends on it, i.e. entities show up or not, nullable properties appear to be null or contain confidential information.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]