Deployed 97b882e5 to develop in public with MkDocs 1.6.1 and mike 2.1.3

334a0c7f · Jorge Moratinos · d527ce58 · 334a0c7f · 334a0c7f · 334a0c7f
Commit 334a0c7f authored 1 month ago by Jorge Moratinos
--- a/public/develop/releasenotes/index.html
+++ b/public/develop/releasenotes/index.html
@@ -415,6 +415,24 @@
    </span>
  </a>
  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#supportedfeatures-negotiation" class="md-nav__link">
+    <span class="md-ellipsis">
+      SupportedFeatures Negotiation
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#security-method-pki" class="md-nav__link">
+    <span class="md-ellipsis">
+      Security Method PKI
+    </span>
+  </a>
+  
 </li>
        
      </ul>
@@ -1790,6 +1808,24 @@
    </span>
  </a>
  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#supportedfeatures-negotiation" class="md-nav__link">
+    <span class="md-ellipsis">
+      SupportedFeatures Negotiation
+    </span>
+  </a>
+  
+</li>
+        
+          <li class="md-nav__item">
+  <a href="#security-method-pki" class="md-nav__link">
+    <span class="md-ellipsis">
+      Security Method PKI
+    </span>
+  </a>
+  
 </li>
        
      </ul>
@@ -2179,9 +2215,6 @@
 <li>New Event Filter test suite with 8 tests. <a href="../testing/testplan/event_filter/">Event Filter test suite</a></li>
 </ul>
 <h3 id="technical-debt-solved"><strong>Technical Debt Solved</strong></h3>
-<ul>
-<li>Implemented in the API Provider Management the supported features negotiation for the suppFeat field during provider registration. The server now decodes the negotiated feature set based on client capabilities and system support.</li>
-</ul>
 <h4 id="hardening-on-startup-scripts-for-services-interacting-with-vault"><strong>Hardening on startup scripts for services interacting with Vault</strong></h4>
 <p>The startup scripts of the <strong><em>Invoker Management Service</em></strong>, <strong><em>Provider Management Service</em></strong>, and <strong><em>Security Service</em></strong> have been improved to ensure reliability when the Vault service takes longer to become ready. These new scripts check responses from the Vault to ensure the returned information is valid before starting each service.</p>
 <p>This will also helps on the restart issue on k8s deployed OpenCAPIF.</p>
@@ -2194,6 +2227,22 @@
 <li>Documentation about Dynamic Configuration.</li>
 <li>Documentation about Helper and Register swaggers.</li>
 </ul>
+<h4 id="supportedfeatures-negotiation">SupportedFeatures Negotiation</h4>
+<ul>
+<li>
+<p>Implemented in the API Provider Management the supported features negotiation for the suppFeat field during provider registration. The server now decodes the negotiated feature set based on client capabilities and system support.</p>
+</li>
+<li>
+<p>Code Review of Events API according to the supported features negotiation.</p>
+</li>
+<li>
+<p>Code Review of Discover API according to the supported features negotiation.</p>
+</li>
+</ul>
+<h4 id="security-method-pki">Security Method PKI</h4>
+<ul>
+<li>Security API Service GET /trustedInvokers/{apiIncokerId} logic updated. Now it will check securityMethod selected and according to that, inserts on authenticationInfo and authorizedInfo attributes the needed information <a href="https://labs.etsi.org/rep/ocf/community/-/wikis/pki-flow">PKI Flow</a></li>
+</ul>
 <h3 id="documentation"><strong>Documentation</strong></h3>
 <h4 id="improvements-over-documentation">Improvements over documentation</h4>
 <ul>
@@ -2208,6 +2257,7 @@
 <li>New tests related with <a href="../testing/testplan/event_filter/">Event Filter Feature</a>.</li>
 <li>New tests related with <a href="../testing/testplan/vendor_extensibility/">Vendor Extensibility</a></li>
 <li><a href="../testing/testplan/api_security_service/">Security Service Testplan</a> updated according to new features and Technical debts.</li>
+<li>New test on <a href="../testing/testplan/api_security_service/">Security Service Testplan</a> related with PKI security Method flow, GET request to security perform by AEF must returns CA_Root on authenticationInfo attribute at SecurityInfo.</li>
 </ul>
 <h2 id="release-200"><strong>Release 2.0.0</strong></h2>
 <h3 id="new-features_1"><strong>New Features</strong></h3>

--- a/public/develop/search/search_index.json
+++ b/public/develop/search/search_index.json
--- a/public/develop/sitemap.xml
+++ b/public/develop/sitemap.xml
@@ -2,146 +2,146 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
    <url>
         <loc>https://ocf.etsi.org/develop/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/FAQ/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/architecture/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/releasenotes/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/api-status/api-status/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/configuration/configuration/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/contribute/documenting/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/event-filter/event-filter/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/example-clients/example-clients/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/gettingstarted/howtorun/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/gettingstarted/repository/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/helper/helper/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/helper/swagger/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/register/register/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/register/swagger/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/sandbox/relevantinfo/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/sandbox/requestaccess/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/sandbox/sandbox/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/sdk/sdk/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/postman/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/robotframework/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_access_control_policy/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_auditing_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_discover_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_events_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_invoker_management/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_logging_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_provider_management/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_publish_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_security_service/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/api_status/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/common_operations/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/event_filter/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/testing/testplan/vendor_extensibility/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
    <url>
         <loc>https://ocf.etsi.org/develop/vendor-ext/vendor-ext/</loc>
-         <lastmod>2025-04-03</lastmod>
+         <lastmod>2025-04-07</lastmod>
    </url>
 </urlset>
\ No newline at end of file
--- a/public/develop/sitemap.xml.gz
+++ b/public/develop/sitemap.xml.gz
--- a/public/develop/testing/testplan/api_security_service/index.html
+++ b/public/develop/testing/testplan/api_security_service/index.html
@@ -1497,6 +1497,15 @@
    </span>
  </a>
  
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#test-case-28-retrieve-security-context-from-aef-using-pki-secured-api-invoker" class="md-nav__link">
+    <span class="md-ellipsis">
+      Test Case 28: Retrieve Security Context from AEF using PKI-secured API Invoker
+    </span>
+  </a>
+  
 </li>
      
    </ul>
@@ -3133,6 +3142,80 @@
 </ol>
 </li>
 </ol>
+<h2 id="test-case-28-retrieve-security-context-from-aef-using-pki-secured-api-invoker">Test Case 28: Retrieve Security Context from AEF using PKI-secured API Invoker</h2>
+<p><strong>Test ID</strong>:: <strong><em>capif_security_api-28</em></strong>, <strong><em>smoke</em></strong></p>
+<p><strong>Description</strong>:</p>
+<p>Validate that the AEF can successfully retrieve the security context of an API Invoker when the selected security method is PKI and it contains CA root at <strong><em>authenticationInfo</em></strong> attribute inside securityInfo.</p>
+<p><strong>Pre-Conditions</strong>:</p>
+<ul>
+<li>API Invoker is pre-authorised and Provider is also authorized</li>
+</ul>
+<p><strong>Execution Steps</strong>:</p>
+<ol>
+<li>Register and onboard Invoker at CCF.</li>
+<li>Register Provider at CCF, store certificates and Publish Service API <strong>service_1</strong> at CCF with only <strong>PKI</strong> as security method allowed.</li>
+<li>Create Security Context indicating all security methods security methods as preferred in <strong><em>prefSecurityMethods</em></strong> attribute.</li>
+<li>Retrieve Security Context by <strong>AEF</strong>.</li>
+</ol>
+<p><strong>Information of Test</strong>:</p>
+<ol>
+<li>
+<p>Perform <a href="../common_operations/#onboard-an-invoker" title="Invoker Onboarding">Invoker Onboarding</a> and <a href="../common_operations/#register-a-provider" title="Provider Registration">Provider Registration</a> </p>
+</li>
+<li>
+<p>Publish Service API at CCF:</p>
+<ul>
+<li>Send <strong>POST</strong> to ccf_publish_url <strong>https://{CAPIF_HOSTNAME}/published-apis/v1/{apfId}/service-apis</strong></li>
+<li>body <a href="../api_publish_service/service_api_description_post_example.json" title="Service API Description Request">service api description</a> with apiName <strong>service_1</strong></li>
+<li>apiName: <strong>service_1</strong></li>
+<li>securityMethods: <strong>PKI</strong></li>
+<li>Use <strong>APF Certificate</strong></li>
+</ul>
+</li>
+<li>
+<p>Create Security Context for this Invoker</p>
+<ul>
+<li>Send <strong>PUT</strong> <strong>https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}</strong></li>
+<li>body <a href="service_security.json" title="Service Security Request">service security body</a><ul>
+<li>prefSecurityMethods: <strong>['PKI','PSK','OAUTH']</strong></li>
+</ul>
+</li>
+<li>Using <strong>Invoker Certificate</strong>.</li>
+<li>Create Security Information Body with one <strong>securityInfo</strong> for each aef present at each serviceAPIDescription present at Discover.</li>
+</ul>
+</li>
+<li>
+<p>Retrieve Service Security by AEF:</p>
+<ul>
+<li>Sent GET <strong>https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}?authenticationInfo=true&amp;authorizationInfo=true</strong>.</li>
+<li>Query parameters <strong><em>authenticationInfo</em></strong> and <strong><em>authorizationInfo</em></strong> set to true.</li>
+<li>Using <strong>AEF Certificate</strong></li>
+</ul>
+</li>
+</ol>
+<p><strong>Expected Result</strong>:</p>
+<ol>
+<li>
+<p>Response to Security Context Creation:</p>
+<ol>
+<li><strong>200 OK</strong> response.</li>
+<li>body returned must accomplish <strong>ServiceSecurity</strong> data structure, with:<ul>
+<li><strong><em>selSecurityMethod</em></strong> inside <strong><em>securityInfo</em></strong>: <strong>PKI</strong></li>
+</ul>
+</li>
+</ol>
+</li>
+<li>
+<p>Response to GET Service Security:</p>
+<ol>
+<li><strong>200 OK</strong> Response.</li>
+<li>body returned must accomplish <strong>ServiceSecurity</strong><ol>
+<li><strong><em>securityinfo</em></strong> attribue only contains one item with <strong><em>authenticationInfo</em></strong> containing CA root.</li>
+</ol>
+</li>
+</ol>
+</li>
+</ol>