0009818: Behaviour of UserManagementType RemoveUser not defined

ID	Project	Category	View Status	Date Submitted	Last Update

0009818	10000-018: Role-Based Security	Spec	public	2024-09-05 12:42	2024-09-05 12:42

Reporter	Matthias Isele	Assigned To
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open
Product Version	1.05.04 RC1

Summary	0009818: Behaviour of UserManagementType RemoveUser not defined
Description	What is the expected behaviour in the server if a user that is currently used (active session) is removed. My expectation is that the server should close the session immediately. A similar szenario is described in Part 12 ApplyChanges: If a TrustList change only affects UserIdentity associated with a Session then Servers shall reevaluate the UserIdentity and if it is no longer valid the Session and associated Subscriptions are closed. For me the logic for a X509 token that is no longer trusted and a user that no longer exists should be the same.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2024-09-05 12:42	Matthias Isele	New Issue