View Issue Details

ID: 0007746
Project: 10000-018: Role-Based Security
Category: Spec
View Status: public
Last Update: 2022-03-11 15:22
Reporter: Matthias Damm
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 1.05
Fixed in Version: 1.05.02 RC1
Summary: 0007746: IdentityCriteriaType Application and user token
Description

The current definition for IdentityCriteriaType Application is
"The rule specifies the combination of an application identity and an Anonymous UserIdentityToken."

Randy indicated in a discussion in the security WG that the limitation to allow the Application authentication criteria type only with anonymous user token would be an unnecessary limitation.

When adding this feature, the assumption was that this is used for headless applications that do not have a user.

I do not know if it is a use case that in one session, one role is assigned based on the application identity and another role is assigned based on the user token.
I think we should keep the use case headless device simple and we should not introduce additional special logic without having a use case.

Tags: No tags attached.
Commit Version
Fix Due Date

Activities

Matthias Damm

2022-03-11 15:22

developer   ~0016349

Removed the relation to Anonymous token

Jim Luth

2022-03-11 15:22

administrator   ~0016350

Agreed to changes edited in Virtual F2F.
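
The effect of the resolution on role assignment, as an added example that is not part of the issue and is not taken from the specification or any OPC UA SDK: a simplified rule evaluator that compares the definition quoted in the description (application identity combined with an Anonymous token) with the behaviour once the relation to the Anonymous token is removed. Assumptions: the Rule and Session classes, the flag app_requires_anonymous, the role names and the urn:example URI are all constructed for this sketch, and the Application criteria is modelled as a match on the client's ApplicationUri.

```python
from dataclasses import dataclass

ANONYMOUS = "Anonymous"  # token type label used by this sketch

@dataclass(frozen=True)
class Rule:
    role: str
    criteria_type: str  # "Application", "UserName" or "Anonymous" in this sketch
    criteria: str = ""  # ApplicationUri or user name to match

@dataclass(frozen=True)
class Session:
    application_uri: str  # assumed to come from the trusted client certificate
    token_type: str       # "Anonymous" or "UserName"
    user_name: str = ""

def rule_matches(rule, session, app_requires_anonymous):
    """Return True if one identity mapping rule applies to the session."""
    if rule.criteria_type == "Application":
        if rule.criteria != session.application_uri:
            return False
        # Quoted definition: application identity AND Anonymous user token.
        # After the change: application identity alone is sufficient.
        return session.token_type == ANONYMOUS if app_requires_anonymous else True
    if rule.criteria_type == "UserName":
        return session.token_type == "UserName" and rule.criteria == session.user_name
    if rule.criteria_type == "Anonymous":
        return session.token_type == ANONYMOUS
    return False

def granted_roles(rules, session, app_requires_anonymous):
    """Roles granted to a session: union over all matching rules."""
    return sorted({r.role for r in rules
                   if rule_matches(r, session, app_requires_anonymous)})

# Constructed sample configuration and sessions.
RULES = [
    Rule("Observer", "Application", "urn:example:headless-logger"),
    Rule("Operator", "UserName", "alice"),
]
HEADLESS = Session("urn:example:headless-logger", ANONYMOUS)
WITH_USER = Session("urn:example:headless-logger", "UserName", "alice")

if __name__ == "__main__":
    for label, old in (("quoted definition", True), ("Anonymous relation removed", False)):
        print(label, granted_roles(RULES, HEADLESS, old),
              granted_roles(RULES, WITH_USER, old))
```

The headless session is unaffected by the change; the session that presents a user token gains the application-based role in addition to the user-based one, which is the case to look for when reviewing existing Application rules.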

Issue History

Date Modified Username Field Change
2022-02-18 08:06 Matthias Damm New Issue
2022-02-18 08:15 Matthias Damm Description Updated
2022-02-18 08:15 Matthias Damm Description Updated
2022-03-11 15:22 Matthias Damm Assigned To => Matthias Damm
2022-03-11 15:22 Matthias Damm Status new => resolved
2022-03-11 15:22 Matthias Damm Resolution open => fixed
2022-03-11 15:22 Matthias Damm Note Added: 0016349
2022-03-11 15:22 Jim Luth Status resolved => closed
2022-03-11 15:22 Jim Luth Fixed in Version => 1.05.02 RC1
2022-03-11 15:22 Jim Luth Note Added: 0016350