Commit 69460fc5 authored by Muhammad Hamza

fix SubscriptionAuthentication data model in 4.5.1-maintenance

parent 9137d2e1
+49 −72
@@ -145,56 +145,33 @@ definitions:

    SubscriptionAuthentication:
      description: >
          NOTE 1: The clientId and clientPassword passed in a subscription 
                  shall not be the same as the clientId and
                  clientPassword that are used to obtain authorization for API 
                  requests. Client credentials may differ between
                  subscriptions. The value of clientPassword should be generated 
                  by a random process.
          NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which 
                  uses mutual authentication based on X.509
                  certificates, this mode which uses client password to authenticate 
                  may be used in the access token request
                  toward the authorization server (as defined by IETF RFC 6749 [7]), 
                  only to support legacy implementations
                  (version 3.4.1 or earlier version of the present document). 
                  See clause 8.1 for more details.
          NOTE 3: The following values that were included up to version 3.4.1 
                  of the present document have been removed:
                  "BASIC" (to signal the use of the basic HTTP authentication) 
                  has been removed because it is insecure.
                  "TLS_CERT" to signal an alternative non-token based authorization 
                  method using TLS certificates has been
        * NOTE 1 : The clientId and clientPassword passed in a subscription shall not be the same as the clientId and
                  clientPassword that are used to obtain authorization for API requests. Client credentials may differ between
                  subscriptions. The value of clientPassword should be generated by a random process.
        * NOTE 2: As a less secure alternative to OAUTH2_CLIENT_CERT which uses mutual authentication based on X.509
                  certificates, this mode which uses client password to authenticate may be used in the access token request
                  toward the authorization server (as defined by IETF RFC 6749 [7]), only to support legacy implementations
                  (version 3.4.1 or earlier version of the present document). See clause 8.1 for more details.
        * NOTE 3: The following values that were included up to version 3.4.1 of the present document have been removed:
                  "BASIC" (to signal the use of the basic HTTP authentication) has been removed because it is insecure.
                  "TLS_CERT" to signal an alternative non-token based authorization method using TLS certificates has been
                  removed because the method is no longer supported.
          NOTE 4: The client certificate is established by means outside the 
                  scope of the present document.
        * NOTE 4: The client certificate is established by means outside the scope of the present document.
      type: object
      oneOf:
        - required:
          - authType
          - paramsOauth2ClientCredentials
        - required:
      required:
        - authType
          - paramsOauth2ClientCert
      properties:
        authType:
          description: >
            Defines the types of Authentication/Authorization which
            the API consumer is willing to accept when receiving a
            notification.
            Defines the types of Authentication / Authorization which the API
            consumer is willing to accept when receiving a notification.
            Permitted values (see note 3):
            - OAUTH2_CLIENT_CREDENTIALS: In every
              HTTP request to the notification endpoint, use
              an OAuth 2.0 token, obtained using the client
              credentials grant type after authenticating
              using client identifier and client password
              towards the token endpoint.
            - OAUTH2_CLIENT_CERT: In every HTTP
              request to the notification endpoint, use an
              OAuth 2.0 token, obtained using the client
              credentials grant type after mutually
              authenticating using client identifier and X.509
              certificates towards the token endpoint.
            * OAUTH2_CLIENT_CREDENTIALS: In every HTTP request to the notification endpoint, use
              an OAuth 2.0 token, obtained using the client credentials grant type after authenticating
              using client identifier and client password towards the token endpoint.
            * OAUTH2_CLIENT_CERT: In every HTTP request to the notification endpoint, use an
              OAuth 2.0 token, obtained using the client credentials grant type after mutually
              authenticating using client identifier and X.509 certificates towards the token endpoint.
          type: array
          items:
            type: string
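Review bot: Dropping the `oneOf` over `paramsOauth2ClientCredentials` / `paramsOauth2ClientCert` in favour of a plain `required: - authType` removes the only schema-level check that a parameter block is present at all. That is defensible given the descriptions ("Shall be present if authType is ... and the contained information has not been provisioned out of band") and given that `authType` is an array that can list both values at once, so a subscription carrying both blocks would have failed the old `oneOf`; but the commit message only says "fix ... data model", so please spell out in it that the alternative-required constraint was removed deliberately because it cannot express the out-of-band case. Two style points in the same hunk: the new bullet reads `* NOTE 1 : The clientId` with a space before the colon while NOTE 2 to NOTE 4 use `NOTE n:`, and the new authType text spells "Authentication / Authorization" with spaces where the old text and the rest of the schema use "Authentication/Authorization".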
@@ -205,8 +182,11 @@ definitions:
          description: >
            Parameters for authentication/authorization using
            OAUTH2_CLIENT_CERT.
            Shall be present if authType is
            "OAUTH2_CLIENT_CERT" and the contained

            Shall be present if authType is "OAUTH2_CLIENT_CERT" and the contained
            information has not been provisioned out of band. 
            
            Shall be absent otherwise.
          type: object
          required: 
            - clientId
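Review bot: The reflowed `paramsOauth2ClientCert` description leaves trailing whitespace on `information has not been provisioned out of band. ` (the line before the blank line and `Shall be absent otherwise.`); strip it, since YAML folded scalars (`>`) keep that space in the rendered text. The blank lines inside the folded block are fine: they are what turns the three sentences into separate paragraphs in the generated documentation.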
@@ -221,9 +201,8 @@ definitions:
              type: string
            certificateRef:
              description: >
                Fingerprint of the client certificate. The hash function
                shall use SHA256 or higher. See note 4.
              type: object
                Fingerprint of the client certificate. The hash function shall use SHA256 or higher. See note 4.
              type: string
              required:
                - type
                - value
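Review bot: `certificateRef` changes from `type: object` to `type: string` but keeps `required: - type - value` and the `properties` block that follows, which describe a structured fingerprint (`type` set to `x5t#S256`, `value` holding the thumbprint). In JSON Schema / Swagger 2.0, `required` and `properties` only constrain object instances, so with `type: string` a validator accepts any bare string and never checks for `type` or `value`, while the `required` list becomes dead text. Unless the intent is to flatten the fingerprint to a single string (in which case `required`, `properties`, `type` and `value` should go too), this line should stay `type: object`; the one-line rewrap of the description is fine either way.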
@@ -232,50 +211,48 @@ definitions:
                  description: >
                    The type of the fingerprint.
                    Permitted values:
                    - x5t#S256: The SHA-256 thumbprint of the
                    X.509 certificate as defined in section 4.1.8 of
                    - x5t#S256: The SHA-256 thumbprint of the X.509 certificate as defined in section 4.1.8 of
                      IETF RFC 7515 [23].
                  type: string
                  $ref: "#/definitions/schemas/String"
                  enum:
                    - x5t#S256
                value:
                  description: >
                    The fingerprint value as defined by the type.
                  type: string
                  $ref: "#/definitions/schemas/String"
            tokenEndpoint:
              description: >
                The token endpoint from which the access token can be
                obtained.

              $ref: "#/definitions/schemas/Uri"
        paramsOauth2ClientCredentials:
          description: >
            Parameters for authentication/authorization using
            OAUTH2_CLIENT_CREDENTIALS.
            Shall be present if authType is
            "OAUTH2_CLIENT_CREDENTIALS" and the contained
            Parameters for authentication/authorization using OAUTH2_CLIENT_CREDENTIALS.

            Shall be present if authType is "OAUTH2_CLIENT_CREDENTIALS" and the contained
            information has not been provisioned out of band.

            Shall be absent otherwise.

            See note 2.
          type: object
          properties:
            clientId:
              description: >
                Client identifier to be used in the access token request
                of the OAuth 2.0 client credentials grant type. The client
                identifier is unique in the scope of the tokenEndpoint.
                Shall be present if it has not been provisioned out of
                band. See note 1.
                Client identifier to be used in the access token request of the OAuth 2.0 client credentials grant type.
                The client identifier is unique in the scope of the tokenEndpoint. Shall be present if it has not been
                provisioned out of band. 
                See note 1.
              type: string
            clientPassword:
              description: >
                Client password to be used in the access token request
                of the OAuth 2.0 client credentials grant type. Shall be
                present if it has not been provisioned out of band. See
                note 1.
                Client password to be used in the access token request of the OAuth 2.0 client credentials grant type.
                Shall be present if it has not been provisioned out of band. See note 1.
              type: string
            tokenEndpoint:
              description: >
                The token endpoint from which the access token can be
                obtained. Shall be present if it has not been provisioned
                out of band.
                The token endpoint from which the access token can be obtained.
                Shall be present if it has not been provisioned out of band.
              $ref: "#/definitions/schemas/Uri"

    ProblemDetails:
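Review bot: Replacing `type: string` with `$ref: "#/definitions/schemas/String"` under `certificateRef.properties.type` leaves `enum: - x5t#S256` as a sibling of the `$ref`. This file is Swagger 2.0 (`definitions:`), where `$ref` is a JSON Reference and sibling keys are ignored by conforming tooling, so the restriction of the fingerprint type to `x5t#S256` is silently lost; `value` loses only its description. Either keep `type: string` together with the `enum`, or, if the shared String definition is wanted, express it as `allOf` with one `$ref` item and one `enum: [x5t#S256]` item so both constraints survive. The change is also inconsistent within the same hunk: `clientId` and `clientPassword` in `paramsOauth2ClientCredentials` still use `type: string`. Minor: the rewrapped `clientId` description has trailing whitespace on `provisioned out of band. `, and the "See note 2." paragraph appended to `paramsOauth2ClientCredentials` is a good addition, since note 2 is what marks this mode as the less secure, legacy-only alternative to OAUTH2_CLIENT_CERT.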