Ok. I had thought of this the other way. I had assumed that the OC is operating the servers on behalf of the administrator.
Paul On 29 May 2013 07:11, Afkham Azeez <[email protected]> wrote: > > > On Wed, May 29, 2013 at 11:31 AM, Prabath Siriwardena <[email protected]>wrote: > >> There are two aspects in server to server authentication.. >> >> 1. Server access a resource in another server on behalf of a user. >> 2. Server acts as a trusted sub system for the other server >> >> For the first one OAuth is the recommended approach.. for the 2nd - >> Mutual Auth.. >> > > For OC, it is the 2nd approach. Hence, why we started this discussion > under the subject : "Mutual Authentication for OC". We want advice on how > to implement it. > > >> >> Thanks & regards, >> -Prabath >> >> >> On Wed, May 29, 2013 at 11:23 AM, Afkham Azeez <[email protected]> wrote: >> >>> >>> >>> On Wed, May 29, 2013 at 11:19 AM, Paul Fremantle <[email protected]> wrote: >>> >>>> I understand the picture. What I don't understand is the statement "it >>>> will be more convenient". Can you please explain why Mutual SSL is more >>>> convenient than OAuth? It certainly is less convenient for the ops guys who >>>> has to set it up! >>>> >>>> >>> What we have is a server to server authentication problem. Have we come >>> up with a platform level solution or recommendation for that? >>> >>> >>>> Paul >>>> >>>> >>>> On 28 May 2013 08:42, Ananda Manoj Kumara <[email protected]> wrote: >>>> >>>>> Hi, >>>>> >>>>> On WSO2 Operation Center use case we need to securely communication >>>>> between OC and Manager nodes (server to server communication) about >>>>> cluster >>>>> information and other management information. According to the design >>>>> discussions it was suggested to use 'mutual authentication' during >>>>> communications. >>>>> >>>>> Currently Jaggery did not support server to server communication and >>>>> it use OAuth for communication using server credentials. But considering >>>>> OC >>>>> use-cases we need to maintain states of manager nodes periodically with OC >>>>> and we feel that it will be more convenient to use mutual authentication >>>>> through certs than accessing admin services using current OAuth >>>>> implementation. >>>>> >>>>> Your ideas are welcome about this matter. >>>>> >>>>> Thanks, >>>>> Manoj >>>>> >>>>> >>>>> Best Regards.. >>>>> >>>>> >>>>> Manoj Kumara >>>>> Software Engineer >>>>> WSO2, Inc.; http://wso2.com >>>>> >>>>> Twitter: http://twitter.com/ManKuma >>>>> Mobile: +94713448188 >>>>> >>>>> _______________________________________________ >>>>> Architecture mailing list >>>>> [email protected] >>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>> >>>>> >>>> >>>> >>>> -- >>>> Paul Fremantle >>>> CTO and Co-Founder, WSO2 >>>> OASIS WS-RX TC Co-chair, VP, Apache Synapse >>>> >>>> UK: +44 207 096 0336 >>>> US: +1 646 595 7614 >>>> >>>> blog: http://pzf.fremantle.org >>>> twitter.com/pzfreo >>>> [email protected] >>>> >>>> wso2.com Lean Enterprise Middleware >>>> >>>> Disclaimer: This communication may contain privileged or other >>>> confidential information and is intended exclusively for the addressee/s. >>>> If you are not the intended recipient/s, or believe that you may have >>>> received this communication in error, please reply to the sender indicating >>>> that fact and delete the copy you received and in addition, you should not >>>> print, copy, retransmit, disseminate, or otherwise use the information >>>> contained in this communication. Internet communications cannot be >>>> guaranteed to be timely, secure, error or virus-free. The sender does not >>>> accept liability for any errors or omissions. >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> *Afkham Azeez* >>> Director of Architecture; WSO2, Inc.; http://wso2.com >>> Member; Apache Software Foundation; http://www.apache.org/ >>> * <http://www.apache.org/>** >>> email: **[email protected]* <[email protected]>* cell: +94 77 3320919 >>> blog: **http://blog.afkham.org* <http://blog.afkham.org>* >>> twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> >>> * >>> linked-in: **http://lk.linkedin.com/in/afkhamazeez* >>> * >>> * >>> *Lean . Enterprise . Middleware* >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://RampartFAQ.com >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Paul Fremantle CTO and Co-Founder, WSO2 OASIS WS-RX TC Co-chair, VP, Apache Synapse UK: +44 207 096 0336 US: +1 646 595 7614 blog: http://pzf.fremantle.org twitter.com/pzfreo [email protected] wso2.com Lean Enterprise Middleware Disclaimer: This communication may contain privileged or other confidential information and is intended exclusively for the addressee/s. If you are not the intended recipient/s, or believe that you may have received this communication in error, please reply to the sender indicating that fact and delete the copy you received and in addition, you should not print, copy, retransmit, disseminate, or otherwise use the information contained in this communication. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. The sender does not accept liability for any errors or omissions.
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
