In my opinion, no Open API entity should hold a reference to any means of authentication (be it password, PIN, smart card token, etc.). Under no circumstances would such means ever be returned as API output.
Currently, the Open API catalog does not include API for user management (setting up users of software systems, setting or resetting authentication means). If and when such an API will be added, then would need to consider how to model that.
------------------------------
Jonathan Goldberg
Amdocs Management Limited
------------------------------
Original Message:
Sent: May 17, 2018 04:10
From: Aleksandr Veremkovich
Subject: Authentication factors and Users, Roles ABE
Hi,
Which entity/entities should keep information (attributes) about user authentication factors such as password, PIN, security token and etc.?
Thanks.
------------------------------
BR,
Aleksandr Veremkovich
Telekom Austria AG
------------------------------