[Advanced Security] Capability-implied Requirements is not defined for Authorization Server Configuration related capabilities

[MariaYa0091]

Capability-implied Requirements contains dependency requirements between commands and capabilities, but for Authorization Server Configuration nothing is described.

Open points:

• Shall device supports all of the following commands if MaxConfigurations > 0?
  • GetAuthorizationServerConfigurations
  • CreateAuthorizationServerConfiguration
  • SetAuthorizationServerConfiguration
  • DeleteAuthorizationServerConfiguration
• If MaxConfigurations > 0 shall ConfigurationTypesSupported contains at least one item? Is there any requirement to have certain item always for interoperability?
• If MaxConfigurations > 0 shall ClientAuthenticationMethodsSupported contains at least one item? Is there any requirement to have certain item always for interoperability?
• Shall other Advanced Security interfaces be supported if MaxConfigurations > 0?
• Shall other Advanced Security interfaces be supported for certain values of ConfigurationTypesSupported? For private_key_jwt for example?
• Shall other Advanced Security interfaces be supported for certain values of ClientAuthenticationMethodsSupported? For self_signed_tls_client_auth?

[jflevesque-genetec]

• Shall device supports all of the following commands if MaxConfigurations > 0?
  • GetAuthorizationServerConfigurations
  • CreateAuthorizationServerConfiguration
  • SetAuthorizationServerConfiguration
  • DeleteAuthorizationServerConfiguration

Yes

If MaxConfigurations > 0 shall ConfigurationTypesSupported contains at least one item? Is there any requirement to have certain item always for interoperability?

OAuthClientCredentials mandatory

If MaxConfigurations > 0 shall ClientAuthenticationMethodsSupported contains at least one item? Is there any requirement to have certain item always for interoperability?

private_key_jwt is mandatory by cloud profile. Not sure for the rest

Shall other Advanced Security interfaces be supported if MaxConfigurations > 0?

Didn't check

Shall other Advanced Security interfaces be supported for certain values of ConfigurationTypesSupported? For private_key_jwt for example?

Yes, CreatePKCS10CSR to get the public key generated by the device

Shall other Advanced Security interfaces be supported for certain values of ClientAuthenticationMethodsSupported? For self_signed_tls_client_auth?

Didn't check

[MariaYa0091]

Is there plans to update Advanced Security Specification for these points? It is important for test specification development. From cloud profiles perspective requirements are clear, but I would like to prevent creation of profile specific tests instead of relying on network specification requirements and device capabilities.

Note: these commands are not a part of any profiles, so changes could be made.

[bsriramprasad]

OAuthClientCredentials mandatory

• OAuthClientCredentials mandatory for cloud profile.

[bsriramprasad]

https://github.com/onvif/specs/pull/476 added to cover Auth server configuration APIs with capability

[sujithhanwha]

Already PR #476 is opened, closing this issue based on 10/24 telco.