Skip main navigation (Press Enter).

Open APIs

View Only

Back to discussions

Expand all | Collapse all

720 Digital Identity

Sahbi Ben GdaiemOct 19, 2023 03:52

Hello there, We are implementing TMF720 and was wondering how it would fit with OAuth2.0 and OIDC. ...

Jonathan GoldbergNov 14, 2023 03:50

Hi Sahbi I've referred this query to the ODA security working group, including the current lead for ...

1. 720 Digital Identity

Like
Sahbi Ben Gdaiem
Posted Oct 19, 2023 03:52

Reply Reply Privately
Hello there,

We are implementing TMF720 and was wondering how it would fit with OAuth2.0 and OIDC.

More importantly, I have a query regarding querying credentials. I'm from security background and so find this a bit strange that we can query a password for example.

Appreciate your help

------------------------------
Sahbi Ben Gdaiem
Ooredoo Group
------------------------------
2. RE: 720 Digital Identity

Like
Jonathan Goldberg
Posted Nov 14, 2023 03:50

Reply Reply Privately
Hi Sahbi

I've referred this query to the ODA security working group, including the current lead for the TMF720 API.

Having said that, the fact that the resource model for basic credentials includes the password doesn't mean that you can query the password. It could be that the password field is write-only, so you can POST or PATCH credentials, but you cannot retrieve them. Presumably each specific implementation of the API will decide what can actually be returned in a retrieve or query operation (GET).

------------------------------
Jonathan Goldberg
Amdocs Management Limited
Any opinions and statements made by me on this forum are purely personal, and do not necessarily reflect the position of the TM Forum or my employer.
------------------------------

Powered by Higher Logic

Global message icon