Comments (2)

serefarikan commented on June 6, 2024

Based on the feedback on Slack, I'd suggest the following rewording:

Services SHOULD implement and support a HTTP Authentication and Authorization framework (which can support various schemes) but there is no assumption or recommendation being made in this specification about which authentication scheme should be used by services and clients. See RFC 7235 or Mozilla’s HTTP Authentication for details on this subject.
If an Authentication and Authorisation framework is present, services MUST properly use WWW-Authenticate and/or Proxy-Authenticate response headers and return HTTP status code 403 Forbidden or 401 Unauthorized or 407 Proxy Authentication whenever applicable, and clients MUST properly use Authorization and Proxy-Authorization in their request headers.

from specifications-its-rest.

sebastian-iancu commented on June 6, 2024

Specs links are not referring specifically to a particular scheme - basic-auth scheme is RFC 7617, which is not explicitly stated. Protocol of schema negotiation between client and server is part of RFC 7235 and it should not be part of openEHR specs.

The intention of the original mentioned text was to state only that an auth scheme (any!) SHOULD be available to provide a certain security level to the openEHR services. The scheme itself is however not assumed (clients can anyway find out by firing requests on the service).

For conformance testing, if basic-auth is the way to go, then we should add it to the conformance specs as requirements - but the REST API should not be changed.

from specifications-its-rest.
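
The header rules discussed in this thread can be checked mechanically. The following is an added example, not part of either comment or of the openEHR specification: it reports a 401 or 407 response that lacks its challenge header and lists the schemes a service advertises without assuming any particular one. The function names and the sample header value are constructed for illustration.

```python
import re

# RFC 7230 token characters; an auth-scheme is a token.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
CHALLENGE_START = re.compile(rf"^({TOKEN})(?:[ \t]+(.*))?$", re.S)
# RFC 7235: which challenge header each status code must carry.
REQUIRED = {401: "www-authenticate", 407: "proxy-authenticate"}
# Constructed sample: two challenges, one with a comma inside a quoted realm.
SAMPLE = 'Basic realm="openEHR, test", charset="UTF-8", Bearer'

def split_outside_quotes(value):
    """Split a header value on commas that are not inside a quoted-string."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def offered_schemes(header_value):
    """Return the lower-cased auth-scheme of every challenge in the header."""
    schemes = []
    for part in split_outside_quotes(header_value):
        m = CHALLENGE_START.match(part)
        # "name=value" or "name = value" is an auth-param, not a new challenge.
        if m and not (m.group(2) or "").startswith("="):
            schemes.append(m.group(1).lower())
    return schemes

def check_auth_response(status, headers):
    """headers: list of (name, value) pairs. Empty result means no finding."""
    name = REQUIRED.get(status)
    if name is None:
        return []  # e.g. 403 Forbidden carries no challenge requirement
    values = [v for k, v in headers if k.lower() == name]
    if not values:
        return [f"{status} response lacks {name} header"]
    if not any(offered_schemes(v) for v in values):
        return [f"{status} response has {name} but no parsable challenge"]
    return []
```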