As a developer I want to know what type of identity can consume a REST endpoint when looking at the API Explorer.
As a security auditor working for a customer I want an understanding of the privileges required to use each endpoint so I can ensure the minimum privileges are assigned to identities for my use cases.
Developers of OpenAM have been annotating the endpoints in the REST API so that the details of the endpoints appear in the API Explorer. The suggestion here is for developers to also start annotating the privileges each endpoint requires (e.g. amadmin, superUser, a particular realm privilege, any authenticated user) so that this information is available in the API Explorer as well.
Such information is inconsistently documented today, and once captured in annotations it could also be reflected in the documentation. At present, developers have to resort to guesswork, source code analysis or trial and error to ascertain what privileges are required.