Closed openBackhaul closed 1 year ago
In the ApplicationPattern module, we embedded our security validation mechanism in the Express framework middleware. So, by including BasicAuth for /v1/update-flow-visualization-page, the already existing code on the server side shall do the needful.
At the /v1/update-flow-visualization-page OperationServer, the attributes
shall be replaced by a security: basicAuth: [] statement.
Background: /v1/update-flow-visualization-page gets addressed by the client side GUI module of the RSR.
The GUI module shall be as lightweight as possible.
It shall neither participate in OperationKey management nor address authentication requests to AA.
The GUI module shall be seen as a component of the representation application (RSR). It shall just visualize data and send requests for fresh data or a different GUI to the main body of the representation application.
On the other hand, /v1/update-flow-visualization-page is an OperationServer that could be addressed by any application.
So, it must be protected.
In general, the MW SDN application layer applies OperationKeys for securing communication between applications and BasicAuth for securing communication with humans.
As the RSR is for visualizing data to humans, it needs to implement BasicAuth.
Currently the MW SDN application layer does not administrate any other user register than the AA.
Consequently, AA is used for authenticating the /v1/update-flow-visualization-page requests.
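
One way the server-side BasicAuth check discussed above could look, as an added example that is not part of the original issue or of the ApplicationPattern code: an Express-style middleware that parses the Basic credentials, delegates the decision, and fails closed. The callback `checkWithAA` and the realm name are hypothetical stand-ins for the authentication request to AA.

```javascript
// Added example. Parses "Authorization: Basic <base64(user:password)>".
// Returns { user, password } or null when the header is absent or malformed.
function parseBasicAuth(header) {
  if (typeof header !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;                       // wrong scheme or not base64
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');          // only the FIRST colon separates;
  if (sep < 1) return null;                  // passwords may contain ':'
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Middleware factory. checkWithAA(user, password, path) is a hypothetical
// async callback that asks AA whether the credentials are valid.
function requireBasicAuth(checkWithAA) {
  return async function basicAuth(req, res, next) {
    const creds = parseBasicAuth(req.headers['authorization']);
    let ok = false;
    if (creds) {
      try {
        // Accept only an explicit boolean true from the authenticator.
        ok = (await checkWithAA(creds.user, creds.password, req.path)) === true;
      } catch (err) {
        ok = false;                          // fail closed if AA is unreachable
      }
    }
    if (!ok) {
      res.statusCode = 401;
      // Realm value is constructed for this example.
      res.setHeader('WWW-Authenticate', 'Basic realm="RSR", charset="UTF-8"');
      return res.end();
    }
    return next();
  };
}
```

Mounted in front of the /v1/update-flow-visualization-page handler, this keeps the GUI module free of any OperationKey handling: it only has to send the user's credentials with each request.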