Access Control for CNA #82
User story: As a CNA, I want only authorized users to reserve IDs on my behalf.
AC:
Scenario 1:
Given that a user that belongs to a CNA makes a request to reserve IDs for that CNA to the IDR, the service proceeds with processing the reservation request.
Scenario 2:
Given that a user makes a request to reserve IDs and they are not a user for the Root CNA, CNA-LR or the CNA specified, the user will receive an error response (HTTP 401 Unauthorized).
*Note: For the Phase 1 implementation, the Root CNA and CNA-LR roles are filled by MITRE; hence the implementation is limited to CNAs and MITRE as the only Root CNA and CNA-LR. In the meantime, any other Root CNAs and CNA-LRs will leverage other existing MITRE infrastructure services.
Historical Requirements Mapping
R5: Reservations are tracked to the requesting authorized CVE user and CNA organization
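
The two scenarios and requirement R5 can be expressed as a deny-by-default check, shown here as an added example that is not part of the original issue or the IDR code base. The organization names, usernames, role constants, field names and the `authorize`/`reserveIds` functions are all assumptions made for illustration.

```javascript
// Added illustration, not code from the IDR. All org names, usernames and
// field names below are constructed for the example.
const ROLE = { CNA: 'CNA', ROOT_CNA: 'ROOT_CNA', CNA_LR: 'CNA_LR' };

// Phase 1 per the note above: MITRE is the only Root CNA and CNA-LR.
const orgs = new Map([
  ['mitre', { roles: [ROLE.ROOT_CNA, ROLE.CNA_LR] }],
  ['example_cna_a', { roles: [ROLE.CNA] }],
  ['example_cna_b', { roles: [ROLE.CNA] }],
]);
const users = new Map([
  ['alice', { org: 'example_cna_a' }],
  ['bob', { org: 'example_cna_b' }],
  ['sec1', { org: 'mitre' }],
]);

const UNAUTHORIZED = { status: 401, error: 'Unauthorized' };

// Deny by default: a request passes only on an explicit match.
function authorize(username, targetCna) {
  const user = users.get(username);
  const org = user ? orgs.get(user.org) : undefined;
  if (!org) return null;                       // unknown user or org
  if (user.org === targetCna) return user;     // Scenario 1: own CNA
  const elevated = org.roles.includes(ROLE.ROOT_CNA) ||
                   org.roles.includes(ROLE.CNA_LR);
  return elevated ? user : null;               // Scenario 2 otherwise
}

// Assumption: targetCna was already validated as an existing CNA.
function reserveIds(username, targetCna, amount) {
  const user = authorize(username, targetCna);
  if (!user) return UNAUTHORIZED;
  // R5: record who asked, from which organization, and for which CNA.
  return {
    status: 200,
    reservation: {
      owning_cna: targetCna,
      requested_by: { user: username, cna: user.org },
      amount,
    },
  };
}

console.log(reserveIds('bob', 'example_cna_a', 5)); // constructed request
```

Keeping `requested_by.cna` separate from `owning_cna` preserves the R5 audit trail when a Root CNA or CNA-LR user reserves on behalf of another CNA.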