Open Resource Discovery (ORD) is a protocol that allows applications and services to self-describe their exposed resources and capabilities. This plugin enables generation of ORD document for CAP based applications.
Security of metadata in ORD Plugin (proposal from @Fannon ):
"open" is only allowed if metadata is public and static. In this case, we make it public later anyway (BAH).
If metadata is tenant-specific, it needs to be protected to not leak information about customer extensions
If metadata contains internal or private visibility content, then it needs to be protected and the aggregators take over responsibility for access control / protection.
For customer CAP application, we probably have to go with a default, but here we can't protect by default. So we make this a customer decision.
Security of metadata in ORD Plugin (proposal from @Fannon ):
"open" is only allowed if metadata is public and static. In this case, we make it public later anyway (BAH). If metadata is tenant-specific, it needs to be protected to not leak information about customer extensions If metadata contains internal or private visibility content, then it needs to be protected and the aggregators take over responsibility for access control / protection.
For customer CAP application, we probably have to go with a default, but here we can't protect by default. So we make this a customer decision.