VNF Requirement Security Changes Round 1

VNFRQTS-828, VNFRQTS-839

Issue-ID: VNFRQTS-828

Signed-off-by: Amy Zwarico <amy.zwarico@att.com>
Change-Id: I9971adf14915f24e8798363fa3dfd5a319f580c5
Signed-off-by: Amy Zwarico <az9121@att.com>

1 files changed, 11 insertions, 10 deletions

diff --git a/docs/Chapter4/Security.rst b/docs/Chapter4/Security.rst
index 68e7bd7..bcec56b 100644
--- a/docs/Chapter4/Security.rst
+++ b/docs/Chapter4/Security.rst
@@ -406,15 +406,6 @@ Identity and Access Management Requirements
     to restrict access to VNF functions and data to authorized entities.
 
 .. req::
-    :id: R-85419
-    :target: VNF
-    :keyword: SHOULD
-    :updated: casablanca
-
-    The VNF **SHOULD** support OAuth 2.0 authorization using an external
-    Authorization Server.
-
-.. req::
     :id: R-75041
     :target: VNF
     :keyword: MUST
@@ -530,13 +521,23 @@ Identity and Access Management Requirements
    ending that session for that authenticated user.
 
 .. req::
+   :id: R-251639
+   :target: VNF
+   :keyword: MUST
+   :introduced: frankfurt
+
+   The VNF **MUST** provide explicit confirmation of a session termination
+   such as a message, new page, or rerouting to a login page.
+
+.. req::
    :id: R-45719
    :target: VNF
    :keyword: MUST
    :introduced: casablanca
+   :updated: frankfurt
 
    The VNF **MUST**, if not integrated with the Operator's Identity and Access
-   Management system, or enforce a configurable "terminate idle sessions"
+   Management system, enforce a configurable "terminate idle sessions"
    policy by terminating the session after a configurable period of inactivity.