Session Resource Password attribute

AMI_Mani
Tuna

AMI

Posts: 178

Session Resource Password attribute Aug 11, 2022 7:33:57 GMT

Quote

Post by AMI_Mani on Aug 11, 2022 7:33:57 GMT

Hi,
As per redfish.dmtf.org/schemas/v1/Session.v1_4_0.json, we have below details for Password

"Password": {
"description": "The password for this session. The value is `null` in responses.",
"longDescription": "This property shall contain the password for this session. The value shall be `null` in responses.",
"readonly": true,
"type": [
"string",
"null"
]
}
AFAIK there is no password applicable for session and password applicable only for user. Please confirm about showing password with null value in get response of session instance.

Even in DSP2046_2022.1.pdf we have sample response without password

6.103.5 Example response

{

"@odata.type": "#Session.v1_4_0.Session",

"Id": "1234567890ABCDEF",

"Name": "User Session",

"Description": "Manager User Session",

"UserName": "Administrator",

"Oem": {},

"@odata.id": "/redfish/v1/SessionService/Sessions/1234567890ABCDEF"

}

Do we have any plan to change description, longDescription mentioning password of username instead of password for this session?
Password is required oncreate(post), Is it ok to skip password attribute in get response of session instance since we can't update password of session?

Thanks,
Mani

Last Edit: Aug 11, 2022 7:58:36 GMT by AMI_Mani

mraineri
Administrator

Posts: 1,132

Session Resource Password attribute Aug 11, 2022 14:57:57 GMT

Quote

Post by mraineri on Aug 11, 2022 14:57:57 GMT

It depends on how you conceptualize username and password management. Some folks try to consider "username" and "password" as two things used together in an authentication request to produce a "yes" or "no" response, and how the authentication works underneath the covers with those two values can be opaque. In reality, yes, the password tends to be tied to the username as part of the process.

And yes, you're certainly free to omit the "Password" property entirely from GET responses.

AMI_Mani
Tuna

AMI

Posts: 178

Session Resource Password attribute Aug 12, 2022 5:46:18 GMT

Quote

Post by AMI_Mani on Aug 12, 2022 5:46:18 GMT

ok, got your point. But decription can be changed in schema accordingly

"This property shall contain the password for this session. The value shall be `null` in responses.",

As per redfish.dmtf.org/schemas/v1/Session.v1_4_0.json, we have below details for Password

"Password": {

"description": "The password for this session. The value is `null` in responses.",

"longDescription": "This property shall contain the password for this session. The value shall be `null` in responses.",

"readonly": true,

"type": [

"string",

"null"

]

}

Thanks,
Mani

mraineri Administrator Posts: 1,132	Session Resource Password attribute Aug 16, 2022 15:23:30 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by mraineri on Aug 16, 2022 15:23:30 GMT Are you asking for the phrasing in the description "the password for this session" to be updated? Would something along the lines of "the password for creating the session" be better?

Post by AMI_Mani on Aug 11, 2022 7:33:57 GMT

Post by mraineri on Aug 11, 2022 14:57:57 GMT

Post by AMI_Mani on Aug 12, 2022 5:46:18 GMT

Post by mraineri on Aug 16, 2022 15:23:30 GMT