Merge branch 'docs/cleanup-4.8'

docs/roles-policies/classification/index.adoc

@@ -305,6 +305,10 @@ E.g. certify access to category III systems every 6 months, certify access to ca
 // TODO: create an example for this, after 4.9 when new certification settles in.
 // TODO: Refer from ISO 27001 5.12
 
+// TODO: Pre-defined classification "Privileged Access"
+
+// TODO: recommendation: model all "special" privileges or states as clearances, e.g. NDA, security trainings, clearances based on inspections and investigations. This means that they can be re-verified using ordinary certification. (ISO27001 5.16)
+
 == Limitations
 
 The concept of classifications and clearances is based on existing stable midPoint functionality of xref:../policy-rules/[policy rules] and xref:../metaroles/[meta-roles], therefore the policy enforcement is fully supported.
@@ -318,4 +322,4 @@ Generally speaking, visibility of policy rules and their execution is somehow li
 
 * xref:../metaroles/[]
 
-* xref:/midpoint/features/planned/classifications/[]
+* xref:/midpoint/features/planned/classification/[]

docs/roles-policies/pdrbac/index.adoc

@@ -1,6 +1,10 @@
 ---
 midpoint-feature: pdrbac
 doc-type: intro
+compliance:
+    iso27001:
+        '5.15':
+            description: 'Policy-driven RBAC as an access control mechanism that is based on roles and it includes dynamic policy elements'
 ---
 = Policy-Driven Role-Based Access Control
 :page-nav-title: Policy-Driven RBAC

docs/security/credentials/initial-password-management-discussion.adoc

@@ -1,3 +1,12 @@
+---
+midpoint-feature: [ 'password-management', 'self-service-password-reset' ]
+doc-type: config
+compliance:
+    iso27001:
+        '5.17':
+            description: 'Discussion of practices for establishing initial passwords and password reset'
+---
+
 = Initial Password Management Discussion
 :page-wiki-name: Initial Password Management Discussion
 :page-wiki-id: 24676686
@@ -290,6 +299,6 @@ All that is needed to complete the functionality is motivation from midPoint sub
 
 == See Also
 
-* xref:/midpoint/reference/security/credentials/password-reset/[Reset Password Configuration]
+* xref:/midpoint/reference/security/credentials/password-reset/[Password Reset]
 
-* xref:/midpoint/reference/security/credentials/password-reset/new-configuration/[New Password Reset Configuration]
+* xref:/midpoint/reference/security/credentials/password-reset/configuration/[Password Reset Configuration]

docs/security/credentials/password-reset/new-configuration.adoc → docs/security/credentials/password-reset/configuration.adoc

@@ -1,24 +1,22 @@
-= New Password Reset Configuration
+---
+midpoint-feature: self-service-password-reset
+doc-type: config
+---
+= Password Reset Configuration
 :page-nav-title: New Configuration
 :page-wiki-name: New Password Reset Configuration
 :page-wiki-id: 24676562
 :page-wiki-metadata-create-user: semancik
 :page-wiki-metadata-create-date: 2018-02-26T10:28:15.324+01:00
 :page-wiki-metadata-modify-user: semancik
 :page-wiki-metadata-modify-date: 2018-02-26T10:43:01.590+01:00
+:page-moved-from: /midpoint/reference/security/credentials/password-reset/new-configuration/
 :page-upkeep-status: red
 
 ++++
 {% include missing-incomplete.html %}
 ++++
 
-
-== Motivation
-
-The old xref:/midpoint/reference/security/credentials/password-reset/[Reset Password Configuration] is a very limited and somehow non-systemic feature.
-There is a need for a better replacement.
-
-
 == Basic Mechanism
 
 The idea is that all the password reset mechanisms have the same parts:
@@ -65,4 +63,4 @@ The progress of the credential reset process may be stored in the user object.
 
 == See Also
 
-* xref:/midpoint/reference/security/credentials/password-reset/[Reset Password Configuration] (old configuration, soon to be deprecated)
+* xref:/midpoint/reference/security/credentials/password-reset/[Reset Password Configuration] (old configuration, soon to be deprecated)