View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008317 | 10000-018: Role-Based Security | Spec | public | 2022-09-12 10:03 | 2023-06-20 20:04 |
Reporter | Matthias Isele | Assigned To | Matthias Damm | ||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.05.02 RC1 | ||||
Fixed in Version | 1.05.03 RC1 | ||||
Summary | 0008317: WellKnownRoles for RoleManagement and UserManagement missing | ||||
Description | Right now the specification only states that the methods to manage roles and users are "callable by authorized administrators". I assume 2 Role should cover the common use-cases. | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
|
Two roles are already defined (SecurityAdmin and ConfigureAdmin). Need to make sure the roles are referred to not "callable by authorized administrators". |
|
There is also inconsistency for requirement of encryption / signing 4.4.1 RoleType definition 4.4.5 AddIdentity Method All other Methods do not have this additional requirement for encryption (which is already required by the statement below the table) 4.2.1 RoleSetType definition |
|
Replaced related text in all Methods with the following text (taken from AddIdentity + SecurityAdmin reference): The Client shall use an encrypted channel and shall provide user credentials with administrator rights like SecurityAdmin Role when invoking this Method on the Server. Only ChangePassword has different text. We do not need additional standard roles. The SecurityAdmin should cover this part since it is security administration for the server. Products can always add more roles if they want to make a difference. |
|
Agreed to changes edited in virtual F2F. |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-09-12 10:03 | Matthias Isele | New Issue | |
2022-09-27 16:15 | Jim Luth | Note Added: 0017854 | |
2022-09-27 16:15 | Jim Luth | Assigned To | => Matthias Damm |
2022-09-27 16:15 | Jim Luth | Status | new => assigned |
2023-01-30 10:18 | Matthias Damm | Note Added: 0018605 | |
2023-06-16 09:18 | Matthias Damm | Status | assigned => resolved |
2023-06-16 09:18 | Matthias Damm | Resolution | open => fixed |
2023-06-16 09:18 | Matthias Damm | Note Added: 0019492 | |
2023-06-20 20:04 | Jim Luth | Status | resolved => closed |
2023-06-20 20:04 | Jim Luth | Fixed in Version | => 1.05.03 RC1 |
2023-06-20 20:04 | Jim Luth | Note Added: 0019589 |