search

camaraproject / DeviceLocation

Repository to describe, develop, document and test the DeviceLocation API family
Apache License 2.0
20 stars 31 forks source link

Align security scope with guideline #193

Closed bigludo7 closed 1 month ago

bigludo7 commented 2 months ago

Problem description As described in recent merged PR177 in commonalities we have to update the security part, openId defined scope in geofencing-subscriptions yaml.

for GET we must have:

Expected behaviorhttps://github.com/camaraproject/Commonalities/pull/177

For GET & GET {id} we must have

security:
        - openId:
              - geofencing-subscriptions:read

for DELETE:

security:
        - openId:
              - geofencing-subscriptions:delete

For POST

security:
        - openId:
              - geofencing-subscriptions:org.camaraproject.geofencing.v0.area-entered:create
              - geofencing-subscriptions:org.camaraproject.geofencing.v0.area-left:create

Alternative solution

Additional context @maxl2287 probably for you as you maintain this yaml ;)

jlurien commented 2 months ago

@bigludo7, if API is renamed to geofencing-subscriptions, should we have to rename as well events to org.camaraproject.geofencing-subscriptions.v0.area-...?