Hello Juanjo, To address your comment on Access Control GE below, the incriminated ZIP package is now *publicly* available. I have updated the wiki page that you quoted below, to point to that new public link instead. Kind regards, CD --- Cyril Dangerville, CISSP Thales Services ThereSIS Innovation lab, ICT Security Unit Thales Research & Technology Campus Polytechnique 1, avenue Augustin Fresnel 91767 Palaiseau cedex France Office: +33 (0)1 69 41 59 66 Fax: +33 (0)1 69 41 55 63 De : fiware-api-cross-bounces at lists.fi-ware.eu [mailto:fiware-api-cross-bounces at lists.fi-ware.eu] De la part de Juanjo Hierro Envoyé : lundi 6 mai 2013 04:07 À : Fiware-api-cross at lists.fi-ware.eu Objet : [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon [...] I take this opportunity to raise a number of hot issues I have detected while reviewing contents of the Security Chapter in the FI-WARE Architecture. It would be nice to see some clarifications on your side ASAP: * IdM GE API Open Specifications: Frankly speaking, I can't find any API specification associated to the FI-WARE IdM GE ... what you have there are the URLs of service endpoints linked to concrete instances of the IdM GE, provided by DT and NSN. This might be useful information to publish in the tab "instances" linked to entries in the FI-WARE Catalogue associated to the IdM GEis implemented by NSN and DT ... but why is this stuff published as part of the IdM GE Open Specifications ? I have found that a similar comment was raised by TID/UPM during the peer review but seems like it had been ignored ... If part of the IdM GE API Open Specifications matches a given standard then you should provide a link to the published specs together with comments regarding level of support of the referred spec (e.g., may be not all the operations in the standard API you make a link to are supported in your implementation). Besides, at one point you state: "Additional to the authentication and authorization interfaces the Identity Management GEs delivers a REST API for all functionalities regarding user and profile management" ... however I can't see that REST API specified anywhere ... Where is it ? Last but not least, I have read in one of the comments that some of the examples you provide were related to OAuth 1.0 rather than OAuth 2.0 ... could you confirm that you will support OAuth 2.0 ? * Access Control GE: I read the following as part of the Open Specs and it rather seems inadmissible to me: "The API operations and associated datatypes are fully described in the Access Control GE - Authorization Restful API (fiware.access_control_ge.authz.api.wadl.zip) package available in document folder Cross Topics > APIs access control, monitoring and accounting of project FI-WARE Private". Please, FI-WARE Open Specifications are public ! we cannot deliver something like this ! Best regards, -- Juanjo Hierro ------------- Product Development and Innovation (PDI) - Telefonica Digital website: www.tid.es<http://www.tid.es> email: jhierro at tid.es<mailto:jhierro at tid.es> twitter: twitter.com/JuanjoHierro FI-WARE (European Future Internet Core Platform) Coordinator and Chief Architect You can follow FI-WARE at: website: http://www.fi-ware.eu facebook: http://www.facebook.com/pages/FI-WARE/251366491587242 twitter: http://twitter.com/FIware linkedIn: http://www.linkedin.com/groups/FIWARE-4239932 ________________________________ Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo. This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at: http://www.tid.es/ES/PAGINAS/disclaimer.aspx -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.fiware.org/private/fiware-api-cross/attachments/20130513/604516d3/attachment.html>
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy