-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Metadata #144
Security Metadata #144
Conversation
Work in progress. I will note when the updated security information model is ready for review in these comments. My goal is to have a final draft ready for review by Friday, 2018-05-31. However I'm creating the PR now to let people know I'm working on this so we can hopefully avoid collisions and conflicts. |
This version is mostly complete (it can be considered a first draft), but has a few problems still:
For 3 and 4 I will add issues so we can discuss them in a structured fashion; they are design choices/tradeoffs. 1 and 2 I just need to finish. I will do both before the next TD TF meeting. |
Issue 1 mentioned above, update to the core diagram, has been resolved. The diagram should now reflect the actual class structure. Note this was done AFTER I remove the securityDefinitions (see issue 145). So issue 3 is also resolved: there is now only "security", although it can be used at multiple levels (Thing, Interaction, Form; also, in Links. The main superclass of all security scheme configurations is called "SecurityScheme" to be consistent with the old class structure, however, which will make it a little easier to add securityDefinitions back in later if we want them. There are some red lines in the core diagram: these are additional locations where "security" definitions might be useful. The extra security fields in interactions support the case where security configurations are shared among multiple forms in an interaction (for example, several IP addresses or domain names for the same physical device). The extra security field in links supports security on external resources or "extra" access points on the Thing itself (eg the stream resource on an IP camera). The current ontology includes definitions supporting these additional uses. |
Took out "security" in link; "scope" now defined appropriately (turns out a string is the right type, BUT it also has to appear in interactions...). |
Issues identified during TD TF meeting resolved: "scheme" being 1..1 (mandatory) in figure; no "security" tag on links; missing OCFSecurityScheme section; invalid securityDefinitions example. Now ready for review. Please provide comments and I will fix issues on Monday, then we will review again in the next Security TF call and make final edits. |
Many thanks. Here is a link to see the new security inputs. Two comments from my side:
|
Thanks for the feedback. Regarding switching section 5.3 and 5.4: sure, no problem, I will make that change. Regarding OCF: I share a more general concern, which is how future users can specify security schemes that are not part of the core ontology. It is likely that new security schemes (or new versions of existing schemes) will arise faster than the WoT standard can be updated; at the very least there will be an undesirable gap if users have to wait for an update to the WoT standard. Presumably a custom vocabulary can be used to address this, but this assumption needs to be tested, and as you say, some guidelines issued. Regarding OCF in particular, it does seem odd to include it but not other, similar schemes such as those for LWM2M, ECHONET, etc. OCF’s security is also a specialization of the IETF standard for CoAP which, conversely, is not included (and probably should be...). At issue is what criteria we should apply to decide which security schemes go into the core vocabulary and which should not. It seems logical to include schemes supported natively by the core protocols, eg HTTP, CoAP, and MQTT. Slightly more controversial are schemes like OAuth and tokens (and there is a related issue regarding whether those should be separate, since tokens are in fact used by OAuth; including “bearer” and “pop” is meant to cover approaches where access tokens are provided by some mechanism other than OAuth). We will discuss this further in the Security TF call, but I propose doing the following:
|
The security TF met and suggested two changes:
|
Please hold off on merging. I need to add legal/default values to some of the items. |
List of valid values now given for security parameters, as well as default values. I also expanded the explanations where appropriate. Ready for merging. |
While I was ok with the last update, and felt it could have been merged, I noticed a few additional problems that I decided to fix:
Note: "security" is also array-valued but I'm just going to leave it, as "security" can be considered a mass noun and so does not have a plural. Ready for merging. |
Reverted name->label change in examples at Thing level. Looking at the ontology it seems Things still have names, not labels. I thought I was just fixing a consistency issue but apparently not, and changing this does not belong in a security metadata PR, so left it... if it is to be changed, it should be changed in some other PR. (Even more) ready to be merged. |
Request from Matthias: add pointer to OpenAPI 3.0.1 spec in an editor box for comparison: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md#securitySchemeObject |
Requested ednote added. Ready to merge. |
Thank you for the updates. |
Updates to TD information model to reflect full security metadata model.