Uploaded image for project: 'OASIS Open Building Information Exchange (oBIX) TC'
  1. OASIS Open Building Information Exchange (oBIX) TC
  2. OBIX-207

16 Security: 2270-2273

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: OBIX 1.1 PR02
    • Fix Version/s: OBIX 1.1 WD25
    • Component/s: OBIX 1.1 Specification
    • Labels:
      None
    • Environment:

      Toby Considine

    • Proposal:
      Hide

      Suggest:
      OBIX does not define security protocols or security methods. Security is dependent upon the business process, the value of the data, the encoding used, and other issues that are out of scope for this specification. OBIX supports composition with any number of security approaches and technologies. User authentication and authorization are left to the implementer. The type and depth of encryption are dependent upon the bindings and transport protocols used. Although it is possible to define contracts for user management through OBIX, this committee does not define any standard Contracts for user management.
      OBIX does define the messages used to report errors in security or in authentication. OBIX further defines how security is inherited within the hierarchy of a system. OBIX further makes a number of statements throughout this specification of areas or conditions wherein practitioners should consider carefully the security effects of their decisions.

      Show
      Suggest: OBIX does not define security protocols or security methods. Security is dependent upon the business process, the value of the data, the encoding used, and other issues that are out of scope for this specification. OBIX supports composition with any number of security approaches and technologies. User authentication and authorization are left to the implementer. The type and depth of encryption are dependent upon the bindings and transport protocols used. Although it is possible to define contracts for user management through OBIX, this committee does not define any standard Contracts for user management. OBIX does define the messages used to report errors in security or in authentication. OBIX further defines how security is inherited within the hierarchy of a system. OBIX further makes a number of statements throughout this specification of areas or conditions wherein practitioners should consider carefully the security effects of their decisions.
    • Resolution:
      Hide

      Incorporated language into WD25

      Show
      Incorporated language into WD25

      Attachments

        Activity

          People

          • Assignee:
            toby.considine Toby Considine (Inactive)
            Reporter:
            toby.considine Toby Considine (Inactive)
          • Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: