openBackhaul
commented
2 months ago Unfortunately, I don't know the APT API and therefore can't make a statement about security at short notice. The request is addressed to Mentopolis. However, it will certainly take a few days before we get an answer.
The ApplicationImplementers to assume for the calculation of their efforts that
- basicAuth is to be used for the request to APT
- UserName and password (in encrypted form) are to be written into two separate instances of StringProfile in the CONFIGfile
- UserName and password shall not be updated via /v1/update-apt-client, but OaM configuration (or altering the CONFIGfile).
If it would be decided to specify like this:
- ProfileInstanceList and CONFIGfile to be complemented by two instances of StringProfile
- security statement to be added to the callback definitions in the OAS as an exception
PrathibaJee
/v1/update-apt-client will store the apt client's callback urls and its whereabouts in the logical-termination-point. when the request /v1/provide-acceptance-data-of-link-endpoint is addressed by APT , as an initial response , a request-id will be sent to the requestor. After formulating the response, APTP will send the response to the callback url of APT. While sending this callback , whether the callback url in APT shall be accessed without security ?