Hello,

While reviewing the latest version of TMF672 – User Role Permission Management API, I noticed that the initial resource diagram includes a RelatedSecurityPrincipalRef resource. However, this resource does not appear in example - specifically for PermissionSet, where the user and granter attributes are modeled using RelatedPartyRefOrPartyRoleRef.

Could you please help clarify which data model object should be used to represent RelatedSecurityPrincipalRef? I couldn't find any relevant references in the latest MODA - SID documentation.

Kind regards,

Mihaela

Hello Mihaela,

Indeed, there is an issue with the diagram published in the current preview version of TMF672 User Role Permission 5.0.1 (https://www.tmforum.org/oda/open-apis/directory/user-role-permission-management-api-TMF672/v5.0)

The change from RelatedPartyRefOrPartyRoleRef to RelatedSecurityPrincipalRef was initially planned for 5.0.1, but other changes gained priority, and it will be made available on 5.1.0.

The driver for this change is the need to define permissions for users that can be parties, party roles, resources, or resource roles. This evolution was already implemented in Information Framework (SID) Suite Shared Domain R23.5.0 (Permission ABE).

Just as an additional note the model for Open APIs is not exactly the same as SID information model.

The diagram that you have posted here is based on Open API implementation data model. 

For TMF672 v5.0.1 (preview version) the user can only be a Party or Party Role. If you download the 5.0.1. OAS the schema is correct and uses RelatedPartyRefOrPartyRoleRef.

Kind regards,

Bruno Fernandes

------------------------------
Bruno Fernandes
NOS Technology
------------------------------