Access Control for CNA #82

Closed
athu-tran opened this issue Sep 15, 2020 · 0 comments
Labels: final (final issue state), user story (Issues that follow user story format in order to describe community needs)

athu-tran commented Sep 15, 2020

User story: As a CNA, I want only users that are authorized to reserve IDs on my behalf.
AC:
Scenario 1:
Given that a user that belongs to a CNA makes a request to reserve IDs for that CNA to the IDR, the service proceeds with processing the reservation request.

Scenario 2:
Given that a user makes a request to reserve IDs and they are not a user for the Root CNA, CNA-LR or the CNA specified, the user will receive an error response (HTTP 401 Unauthorized).

*Note: For Phase 1 implementation, the Root CNA and CNA-LR roles are filled by MITRE; hence the implementation is limited to CNAs and MITRE as the only Root CNA and CNA-LR, and in the meantime any other Root CNAs and CNA-LRs will leverage other existing MITRE infrastructure services.

Historical Requirements Mapping
R5: Reservations are tracked to the requesting authorized CVE user and CNA organization
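
An added sketch of the decision in Scenarios 1 and 2 with the R5 tracking fields, not code from this project or from the issue author. It assumes the caller is already authenticated; `USER_ORG`, `PRIVILEGED_ORGS`, `authorizeReservation`, the sample users and the org short names are hypothetical.

```javascript
'use strict';

// Constructed server-side directory: username -> organization short name.
// The requester's org is looked up here, never read from the request itself.
const USER_ORG = new Map([
  ['alice', 'example_cna'],
  ['bob', 'other_cna'],
  ['carol', 'mitre'],
]);

// Phase 1 per the issue: MITRE is the only Root CNA and CNA-LR.
// The short name 'mitre' is a placeholder chosen for this example.
const PRIVILEGED_ORGS = new Set(['mitre']);

const DENY = Object.freeze({ status: 401, error: 'Unauthorized' });

// username: identity established by the authentication layer (assumed).
// targetCna: short name of the CNA the IDs are to be reserved for.
function authorizeReservation(username, targetCna) {
  // Fail closed on malformed input and on users the directory does not know.
  if (typeof username !== 'string' || typeof targetCna !== 'string' || targetCna === '') {
    return DENY;
  }
  const org = USER_ORG.get(username);
  if (org === undefined) return DENY;

  // Exact comparison on purpose: no case folding or prefix matching,
  // so 'Example_CNA' is a different organization from 'example_cna'.
  const allowed = org === targetCna || PRIVILEGED_ORGS.has(org);
  if (!allowed) return DENY; // Scenario 2

  // Scenario 1: proceed, recording who asked and for which CNA (R5).
  return {
    status: 200,
    reservation: { cna: targetCna, requestedBy: username, requesterOrg: org },
  };
}

// Constructed requests covering both scenarios.
for (const [user, cna] of [['alice', 'example_cna'], ['bob', 'example_cna'],
  ['carol', 'example_cna'], ['mallory', 'example_cna']]) {
  console.log(user, '->', cna, authorizeReservation(user, cna).status);
}
```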

athu-tran added the draft (Initial issue state) label Sep 15, 2020
athu-tran mentioned this issue Sep 16, 2020
athu-tran added the user story (Issues that follow user story format in order to describe community needs) label Sep 16, 2020
athu-tran added the final (final issue state) label and removed the draft (Initial issue state) label Oct 2, 2020