New Register Authenticated APIs versions require multiple authorisation scopes #498

Closed
CDR-API-Stream opened this issue Mar 30, 2022 · 1 comment
Labels
Register Security Change or question related to the information security profile

Description

Version 1.15.0 of the Register APIs introduced new API versions through issues #424 and #425.
As part of this work, a new authorisation scope cdr-register:read was introduced for authenticated APIs.

The new API versions are currently documented as requiring a union of cdr-register:bank:read and cdr-register:read.

This is a defect and was not intended. cdr-register:read is intended to replace cdr-register:bank:read for the new versions of multi-sector supported authenticated Register APIs.

Area Affected

Get Data Holder Brands V2
Get Software Statement Assertion (SSA) V3

Change Proposed

Consider specifying cdr-register:read as the only scope required to consume these authenticated Register APIs.

CDR-API-Stream added the Security, change request and Register labels Mar 30, 2022
CDR-API-Stream added this to Full Backlog in Data Standards Maintenance via automation Mar 30, 2022
CDR-API-Stream moved this from Full Backlog to In Progress: Design in Data Standards Maintenance Mar 30, 2022
CDR-API-Stream moved this from In Progress: Design to In Progress: Staging in Data Standards Maintenance Apr 21, 2022
CDR-API-Stream moved this from In Progress: Staging to Done in Data Standards Maintenance May 25, 2022
CDR-API-Stream commented May 30, 2022

The CDR Register API authorisation scope requirements are now corrected as follows:

| API | Version | Authorisation Scope |
| --- | --- | --- |
| GetDataHolderBrands | V1 | cdr-register:bank:read |
| GetDataHolderBrands | V2 | cdr-register:read |
| Get Software Statement Assertion (SSA) | V1, V2 | cdr-register:bank:read |
| Get Software Statement Assertion (SSA) | V3 | cdr-register:read |

This change was incorporated into release v1.17.0.

Please refer to Decision 237 for further details.
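
The corrected table above written as a per-version scope check, next to the union requirement the issue describes as a defect. This is an added example, not part of the original issue or of any CDR Register code: the API keys, dictionary names and function names are hypothetical, and the token's scopes are assumed to arrive as an OAuth 2.0 space-delimited string.

```python
# Added example. Scope values come from the issue; every other name is hypothetical.

# Corrected requirements, keyed by (API, version).
CORRECTED = {
    ("GetDataHolderBrands", 1): {"cdr-register:bank:read"},
    ("GetDataHolderBrands", 2): {"cdr-register:read"},
    ("GetSoftwareStatementAssertion", 1): {"cdr-register:bank:read"},
    ("GetSoftwareStatementAssertion", 2): {"cdr-register:bank:read"},
    ("GetSoftwareStatementAssertion", 3): {"cdr-register:read"},
}

# The defect: the new versions were documented as needing both scopes.
BOTH = {"cdr-register:bank:read", "cdr-register:read"}
DEFECTIVE = {
    **CORRECTED,
    ("GetDataHolderBrands", 2): BOTH,
    ("GetSoftwareStatementAssertion", 3): BOTH,
}


def granted_scopes(scope_claim):
    """Split a space-delimited scope string into a set of whole scope tokens."""
    return set(scope_claim.split())


def missing_scopes(policy, api, version, scope_claim):
    """Return the required scopes the token lacks.

    An (api, version) pair with no policy entry raises LookupError, so an
    unlisted version is rejected rather than silently allowed.
    """
    try:
        required = policy[(api, version)]
    except KeyError:
        raise LookupError(f"no scope policy for {api} V{version}") from None
    return required - granted_scopes(scope_claim)


def is_authorised(policy, api, version, scope_claim):
    """True only when every scope required for this API version is granted."""
    return not missing_scopes(policy, api, version, scope_claim)


if __name__ == "__main__":
    token_scope = "cdr-register:read"  # constructed sample: a multi-sector client
    for name, policy in (("defective", DEFECTIVE), ("corrected", CORRECTED)):
        gap = missing_scopes(policy, "GetDataHolderBrands", 2, token_scope)
        print(name, "missing:", sorted(gap))
```
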
