Open APIs

Hi,

Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?

Thanks.



------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------

​In my opinion, no Open API entity should hold a reference to any means of authentication (be it password, PIN, smart card token, etc.). Under no circumstances would such means ever be returned as API output.
Currently, the Open API catalog does not include API for user management (setting up users of software systems, setting or resetting authentication means). If and when such an API will be added, then would need to consider how to model that.

------------------------------
Jonathan Goldberg
Amdocs Management Limited
------------------------------

Original Message:
Sent: May 17, 2018 04:10
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE

Hi,

Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?

Thanks.



------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------

If these PIN, passwords, security token required to get access to some services. May be they a part of this Services? (or you can model it as resources linked with services).

------------------------------
Sergey Lukin
T-Systems
------------------------------

Original Message:
Sent: May 17, 2018 04:10
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE

Hi,

Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?

Thanks.



------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------

Most probably I will link them to Resources and ResourceUser. I found as well GlobalConfiguration entity in Reource domain with the following attributes: devicePassword, deviceSecretPassword, vtyPassword and snmpPassword.

------------------------------
Aleksandr Veremkovich
Telekom Austria AG
------------------------------

Original Message:
Sent: May 24, 2018 02:38
From: Sergey Lukin
Subject: Authentication factors and Users, Roles ABE

If these PIN, passwords, security token required to get access to some services. May be they a part of this Services? (or you can model it as resources linked with services).

------------------------------
Sergey Lukin
T-Systems

Original Message:
Sent: May 17, 2018 04:10
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE

Hi,

Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?

Thanks.



------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------

GlobalConfiguration is it a part of Resource (device) configuration and all credentials here only for management this device.
From my point of view it is wrong place for storing end user credentials here.

------------------------------
Sergey N Lukin

------------------------------

Original Message:
Sent: May 25, 2018 07:23
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE

Most probably I will link them to Resources and ResourceUser. I found as well GlobalConfiguration entity in Reource domain with the following attributes: devicePassword, deviceSecretPassword, vtyPassword and snmpPassword.

------------------------------
Aleksandr Veremkovich
Telekom Austria AG

Original Message:
Sent: May 24, 2018 02:38
From: Sergey Lukin
Subject: Authentication factors and Users, Roles ABE

If these PIN, passwords, security token required to get access to some services. May be they a part of this Services? (or you can model it as resources linked with services).

------------------------------
Sergey Lukin
T-Systems

Original Message:
Sent: May 17, 2018 04:10
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE

Hi,

Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?

Thanks.



------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------