DDS-WEB 1.0 FTF

DDSWEB — Access Control Relationship with DDS Security

  • Key: DDSWEB-7
  • Legacy Issue Number: 19250
  • Status: closed  
  • Source: ZettaScale Technology (Angelo Corsaro)
  • Summary:

    The mars/13-05-21 introduces an AccessController, yet it is not clear how this relates to the DDS Security access control plug-in.

  • Reported: DDS-WEB 1.0b1 — Fri, 21 Feb 2014 05:00 GMT
  • Disposition: Resolved — DDS-WEB 1.0
  • Disposition Summary:

    Clarify AccessControl class and relationship to DDS-Security

    The confusion stems from modeling the client application as a "User" rather than simply a client. Also, the requirement for a login/logout transaction is not what typical REST API users are accustomed to. In most APIs the authentication is tied to some API key/token that is passed as part of each request. That way the server does not need to retain session information.

    To clarify this, the revised text renames "User" to "Client" and introduces a REST-API-Key, explaining how it is included in the HTTP headers. It also specifies how this mechanism leverages the security mechanisms built into HTTPS.
    The change is not very large in terms of the REST protocol itself. But a lot of text and figures are affected by the rename.
    The new figures are not attached to this resolution because there is another issue (DDSWEB-21) that will update most of the figures, so it would be redundant to attach the figures twice. The changes to the figures are nevertheless listed as part of the revised text.

  • Updated: Tue, 22 Dec 2015 15:08 GMT