
Subject: [OASIS Issue Tracker] Commented: (ODATA-380) Insert a section in protocol (and similar in JSON and ATOM) named 'Security Considerations' (before 'Conformance')

    [ http://tools.oasis-open.org/issues/browse/ODATA-380?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=33616#action_33616 ] 

Stefan Drees commented on ODATA-380:

During application some enhancements in wording have been made.

Also in the latest editor draft revision, the JSON part has been simplified, by removing the remark in parens, so as of now in JSON it reads:
21	Security Considerations
This specification raises no security issues.
This section is provided as a service to the application developers, information providers, and users of OData version 4.0 giving some references to starting points for securing OData services as specified. OData is a REST-full multi-format service that depends on other services and thus inherits both sides of the coin, security enhancements and concerns alike from the latter. 
For JSON-relevant security implications please cf. at least the relevant subsections of [RFC4627] as starting point.

Reason as noted in the document comment: 
Removed remark on section, as there is a dummy security section inside RFC4627 that points to the "real place" and without the remark we are more robust against changes, the new JSON WG might commit to the RFC on its way to STD augmentation.

> Insert a section in protocol (and similar in JSON and ATOM) named 'Security Considerations' (before 'Conformance')
> ------------------------------------------------------------------------------------------------------------------
>                 Key: ODATA-380
>                 URL: http://tools.oasis-open.org/issues/browse/ODATA-380
>             Project: OASIS Open Data Protocol (OData) TC
>          Issue Type: Improvement
>          Components: OData ATOM Format , OData JSON Format, OData Protocol 
>    Affects Versions: V4.0_CSD01
>         Environment: [Applied]
>            Reporter: Stefan Drees
>            Assignee: Stefan Drees
>             Fix For: V4.0_CSD02
> We have some spurious overlaps with security considerations but are remarkably silent about it as a whole, when considering, that we suggest opening up the silos of data. Although we rely on other protocols that handle transport and security, we should follow the role model of IETF in enforcing a security considerations section in each I-D. It should be quite cheap as we can refer to the security considerations of the underlying protocols (HTTP has some elaborate subsections on this)
> This started from discussions and comments on ODATA-301 but to the reporter also seems like a very natural, reasonable and "expected" thing to be provided by the TC and inside the work products.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators: http://tools.oasis-open.org/issues/secure/Administrators.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

