OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

odata message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [OASIS Issue Tracker] (ODATA-1145) Align Authorization vocabulary with OpenAPI V3

    [ https://issues.oasis-open.org/browse/ODATA-1145?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=68991#comment-68991 ] 

George Ericson commented on ODATA-1145:

In another use, the OData service provides a management access point for a data center, which includes many resources, like computing systems and power distribution units.  In this case, the responsibility of the OData service is limited.  Responsibility for enforcing authorization rights is delegated to the modeled resources.   "If" this is in scope, then we need the ability to specify authorization down to individual entities.

> Align Authorization vocabulary with OpenAPI V3
> ----------------------------------------------
>                 Key: ODATA-1145
>                 URL: https://issues.oasis-open.org/browse/ODATA-1145
>             Project: OASIS Open Data Protocol (OData) TC
>          Issue Type: Bug
>          Components: Vocabularies
>    Affects Versions: V4.01_CS01
>         Environment: [Proposed]
>            Reporter: Michael Pizzo
>            Assignee: Michael Pizzo
>             Fix For: V4.01_CS02
> Our Authorization vocabulary was defined based on Swagger V2.
> OpenAPI V3 changes slightly the way authorization is specified.  In particular, it allows defining authorization flows, and then referencing those flows with a required set of scopes for a particular operation.
> OData-884 proposes adding the ability to specify the requests (and corresponding responses) associated with an entity set, singleton, etc. As part of this proposal, it makes sense to be able to associate particular flows and required scopes with those requests.  This can be done by:
> 1) Adding a Name to the Authorization type in order to reference a particular authorization, and
> 2) Adding a "SecuritySchemes" property to the HTTPRequest type that is a collection of authorization/scope requirements for invoking this particular request.

This message was sent by Atlassian JIRA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]