VNF Requirement Security Changes Round 1

VNFRQTS-828, VNFRQTS-839

Issue-ID: VNFRQTS-828

Signed-off-by: Amy Zwarico <amy.zwarico@att.com>
Change-Id: I9971adf14915f24e8798363fa3dfd5a319f580c5
Signed-off-by: Amy Zwarico <az9121@att.com>

diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 68e7bd7..bcec56b 100644 (file)
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -405,15 +405,6 @@ Identity and Access Management Requirements
     The VNF **MUST** provide access controls that allow the Operator
     to restrict access to VNF functions and data to authorized entities.
 
-.. req::
-    :id: R-85419
-    :target: VNF
-    :keyword: SHOULD
-    :updated: casablanca
-
-    The VNF **SHOULD** support OAuth 2.0 authorization using an external
-    Authorization Server.
-
 .. req::
     :id: R-75041
     :target: VNF
@@ -529,14 +520,24 @@ Identity and Access Management Requirements
    The VNF **MUST** provide a means for the user to explicitly logout, thus
    ending that session for that authenticated user.
 
+.. req::
+   :id: R-251639
+   :target: VNF
+   :keyword: MUST
+   :introduced: frankfurt
+
+   The VNF **MUST** provide explicit confirmation of a session termination
+   such as a message, new page, or rerouting to a login page.
+
 .. req::
    :id: R-45719
    :target: VNF
    :keyword: MUST
    :introduced: casablanca
+   :updated: frankfurt
 
    The VNF **MUST**, if not integrated with the Operator's Identity and Access
-   Management system, or enforce a configurable "terminate idle sessions"
+   Management system, enforce a configurable "terminate idle sessions"
    policy by terminating the session after a configurable period of inactivity.