BMCWeb auth primer

Brandon Wyman bjwyman at gmail.com
Tue Nov 26 08:37:34 AEDT 2019


On Mon, Nov 11, 2019 at 7:41 PM Joseph Reynolds <jrey at linux.ibm.com> wrote:
>
> Dear OpenBMC community and BMCWeb maintainers,
>
> I worked on BMCWeb, learned how it works, and put together this little
> primer on its authentication and authorization flows.  I think portions
> of it are generally useful to the community, and specifically useful to
> help guide BMC security work.  Certainly, I may want to refer back to it.
>
> The material is more-or-less in markdown format, but no promises.
>
> Take a peek, learn about auth security topics, correct my errors and
> omissions, and let me know your ideas how to incorporate this into the
> project.  Thank you!
>
> - Joseph
>

Would this have worked better as a gerrit commit, or a public gist
that you could point to?

>
> # BMCWeb auth primer
>
> This describes the BMCWeb server's authentication and authorization
> flows, showing how they relate to the usage shown in the [REDFISH
> cheatsheet][] and [REST cheatsheet][], to [Phosphor User Manager][], and
> to the [BMCWeb code][].
>
<SNIP>


More information about the openbmc mailing list