Hi All, We have identified $subject and the scenario is as follows:
AppOwner creates an Application called "App1" in App Factory. He logs in to API Manager, subscribes App1 to "API1" and generates key pairs. He also invites a few developers for App1.

Based on the current implementation, any other developer who logs in to App Factory will not be able to see the previous subscription or the already generated keys, and since SSO is enabled at the API Manager front, they can individually subscribe the same application to API1 again and generate new keys.

But as per the requirement, there should be only a single set of keys generated for sandbox and production separately for a particular application (it is true that we can regenerate keys, and that is accepted). With the above scenario, each person can generate different key sets for the same application, and this will be a hassle in terms of usage.

As we discussed with Sumedha, API Manager currently does not support group-wise key generation. Therefore we have come up with the strategy below to prevent each user from creating separate keys for the same application over and over again.

That is, only the AppOwner will have the privilege to subscribe to an API and re/generate keys with API Manager. The generated keys will be saved in the DB, and when other users (dev, qa, devops) log in, they can only see the generated keys. We will also disable SSO, and no buttons will be available in the UI to go to API Manager for these user roles.

Feel free to share your feedback.

--
Thanks and Regards,
Punnadi Gunarathna
Senior Software Engineer, WSO2, Inc.; http://wso2.com <http://wso2>
email: [email protected] <[email protected]>
<http://lalajisureshika.blogspot.com/>
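The access rule proposed in the message above, sketched as an added example that is not part of the original e-mail and is not App Factory or API Manager code. The class, method and role names are hypothetical, and an in-memory dict stands in for the DB table.

```python
import secrets

ENVIRONMENTS = ("sandbox", "production")
OWNER_ROLE = "appowner"                       # hypothetical role identifiers
MEMBER_ROLES = {"appowner", "dev", "qa", "devops"}


class NotPermitted(Exception):
    """Raised when a user lacks the role needed for an operation."""


class AppKeyStore:
    """One key pair per (application, environment); only the owner writes."""

    def __init__(self):
        self.keys = {}      # (app, env) -> (consumer_key, consumer_secret)
        self.members = {}   # (app, user) -> role

    def add_member(self, app, user, role):
        if role not in MEMBER_ROLES:
            raise ValueError(f"unknown role: {role}")
        self.members[(app, user)] = role

    def _role(self, app, user):
        role = self.members.get((app, user))
        if role is None:
            raise NotPermitted(f"{user} is not a member of {app}")
        return role

    def generate_keys(self, app, user, env):
        """Generate or regenerate the single key pair for (app, env)."""
        if env not in ENVIRONMENTS:
            raise ValueError(f"unknown environment: {env}")
        if self._role(app, user) != OWNER_ROLE:
            raise NotPermitted(f"{user} may only view keys for {app}")
        pair = (secrets.token_urlsafe(16), secrets.token_urlsafe(32))
        # Keying on (app, env) rather than on the user means a regenerate
        # replaces the old pair instead of adding a per-user key set.
        self.keys[(app, env)] = pair
        return pair

    def view_keys(self, app, user, env):
        """Any member (dev, qa, devops, owner) can read the stored pair."""
        self._role(app, user)
        return self.keys.get((app, env))
```

Because invited users are shown the stored pair, everyone on the application holds the same secret, so removing a member calls for a regenerate by the AppOwner.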
