charinev / opnc

CharIN Open Plug&Charge Protocol (OPNC)
Creative Commons Attribution Share Alike 4.0 International

Scope reduction/Api for RCP: only open in get #23

Closed JMR-Gireve closed 1 year ago

JMR-Gireve commented 1 year ago

Scope reduction/API for RCP: only open in GET: I suggest that the RCP should only be populated by the RCP operator, and thus not via an open API.

Benefits: Scope reduction and simplification

Impacts on players already connected via OPCP: none

MKeCharIN commented 1 year ago

Already described in the call and implemented: "Expects a Root Certificate Object and the Root Type. This Function should not be called by other parties than the Root Certificate Pool operator to prevent possible wrong usage. Each Root CA in a Plug&Charge Ecosystem must be audited/checked upfront. All parties of the Plug&Charge Ecosystem need to rely on these audits of the different PKI Operators or consumers. A 2 Factor authorization in the organization shall be considered to add a Root CA into the RCP."

Correct body to be checked.

steffenrhinow commented 1 year ago

As mentioned - the API is not defining a Protocol. The Security and access concept needs to be documented -> this will then clear out that certain actions can just be done by the operator alone.