AWS verifiedpermissions documentation change
Summary
Removed mention of entity validation against policy store schema in IsAuthorized API documentation
Security assessment
The change removes a statement about schema validation but does not provide evidence of a security vulnerability. It may reflect documentation accuracy improvements rather than addressing a specific security issue.
Diff
diff --git a/verifiedpermissions/latest/userguide/authorization.md b/verifiedpermissions/latest/userguide/authorization.md index c27141284..6c29f44db 100644 --- a//verifiedpermissions/latest/userguide/authorization.md +++ b//verifiedpermissions/latest/userguide/authorization.md @@ -45 +45 @@ The Verified Permissions API has the following authorization operations. -The `IsAuthorized` API operation is the entry point to authorization requests with Verified Permissions. You must submit principal, action, resource, context, and entities elements. Verified Permissions validates the entities in your request against your policy store schema. Verified Permissions then evaluates your request against all policies in the requested policy store that apply to the entities in the request. +The `IsAuthorized` API operation is the entry point to authorization requests with Verified Permissions. You must submit principal, action, resource, context, and entities elements. Verified Permissions evaluates your request against all policies in the requested policy store that apply to the entities in the request.