SSE Login Privilege Clarification

magesh
Minnow

Posts: 4

SSE Login Privilege Clarification Sept 27, 2021 8:06:34 GMT

Quote

Post by magesh on Sept 27, 2021 8:06:34 GMT

Hi All,

Client opens an SSE stream via SSE-uri when perform GET URI (ServiceSentEventUri), but this is not defined as entity in DMTF redfish schema.

We are able to access URI defined for ServiceSentEventUri even without login privilege
So is there anything from DMTF to support Spec compliances for the URI defined for ServiceSentEventUri.

Thanks,
Magesh

mraineri
Administrator

Posts: 1,048

SSE Login Privilege Clarification Sept 27, 2021 13:40:22 GMT

Quote

Post by mraineri on Sept 27, 2021 13:40:22 GMT

The SSE URI is outside of the Redfish data model, meaning there's no schema definition to back it up, and it's not a Redfish resource.

Like with other URIs that point outside the data model (such as the BinaryDataUri property in Assembly), there's the expectation that clients following that URI will have authentication and authorization implications. In terms of what roles or privileges you map to it, that would be entirely up to you. Generally speaking, it would seem reasonable that if a client is allowed to create an event subscription via a POST to the EventDestinationCollection resource, they should likely be able to perform a GET on the SSE URI.

We do have this text in the BinaryDataUri property: "using the Redfish protocol and authentication methods". This is currently missing from the ServerSentEventsUri property though. We have that same text in other URIs like this, but it doesn't seem to be consistently applied.

magesh Minnow Posts: 4	SSE Login Privilege Clarification Sept 28, 2021 5:32:07 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by magesh on Sept 28, 2021 5:32:07 GMT Thanks for the confirmation.

Post by magesh on Sept 27, 2021 8:06:34 GMT

Post by mraineri on Sept 27, 2021 13:40:22 GMT

Post by magesh on Sept 28, 2021 5:32:07 GMT