[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-49?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivo Ladage - van Doorn updated AMDATUAUTH-49:
---------------------------------------------
Description:
A generic mechanism should be available to secure REST services. This mechanism
should consider:
- OAuth signed requests, without access tokens
- 2-legged OAuth with pre-authorized tokens
- 3-legged OAuth
- Validating Amdatu token for site authentication + UserAdmin authorization
check
- Administration of authorization per REST service/method. So an admin ui
should be available in which can be defined what roles have access to invoke
what REST service, and which methods of this service. Or something like that...
The implementation of the framework is already covered by AMDATU-50 and
AMDATU-87. This issue only covers leveraging the framework and implement auth
checks for available REST services.
was:
A generic mechanism should be available to secure REST services. This mechanism
should consider:
- oAuth for server to server communication (signed requests)
- 3-legged oAuth for user-protected resources
- Validating Amdatu token for site authentication + UserAdmin authorization
check
- Administration of authorization per REST service/method. So an admin ui
should be available in which can be defined what roles have access to invoke
what REST service, and which methods of this service. Or something like that...
The implementation of the framework is already covered by AMDATU-50 and
AMDATU-87. This issue only covers leveraging the framework and implement auth
checks for available REST services.
> Implement authentication and authorization for existing REST services
> ---------------------------------------------------------------------
>
> Key: AMDATUAUTH-49
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-49
> Project: Amdatu Auth
> Issue Type: Roadmap Issue
> Components: Authorization & authentication
> Reporter: Ivo Ladage - van Doorn
> Labels: blueconic
> Fix For: 0.2.2
>
>
> A generic mechanism should be available to secure REST services. This
> mechanism should consider:
> - OAuth signed requests, without access tokens
> - 2-legged OAuth with pre-authorized tokens
> - 3-legged OAuth
> - Validating Amdatu token for site authentication + UserAdmin authorization
> check
> - Administration of authorization per REST service/method. So an admin ui
> should be available in which can be defined what roles have access to invoke
> what REST service, and which methods of this service. Or something like
> that...
> The implementation of the framework is already covered by AMDATU-50 and
> AMDATU-87. This issue only covers leveraging the framework and implement auth
> checks for available REST services.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
http://jira.amdatu.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
