+1 - also, only the App owner should be in the subscriber role. SSO needs to work for the AppOwner though.
Isabelle.
__________________________________________________
Isabelle Mauny
Director, Product Management; WSO2, Inc.; http://wso2.com/

On Jun 14, 2013, at 6:53 PM, Ajanthan Balachandran <[email protected]> wrote:

> On Fri, Jun 14, 2013 at 10:14 PM, Punnadi Gunarathna <[email protected]> wrote:
> > Hi All,
> >
> > We have identified $subject and the scenario is as follows:
> >
> > AppOwner creates an Application called "App1" in App Factory.
> > He logs in to API Manager and subscribes App1 with "API1" and generates key
> > pairs.
> > He also invites a few developers for App1.
> >
> > Based on the current implementation, any other developer who logs in to
> > App Factory will not be able to see the previous subscription or the already
> > generated keys, and since SSO is enabled at the API Manager front, they can
> > subscribe the same application individually again with API1 and generate
> > new keys.
> >
> > But as per the requirement, there should be only a single set of keys
> > generated for sandbox and production separately for a particular application
> > (it is true that we can regenerate keys, and that is accepted). But with the
> > above scenario, each person can generate different key sets for the same
> > application, and this will be a hassle in terms of usage.
> >
> > As we discussed with Sumedha, API Manager currently does not support
> > group-wise key generation. Therefore we have come up with the below strategy to
> > prevent each user from creating separate keys for the same application over
> > and over again.
> >
> > That is, only the AppOwner will have the privilege to subscribe to an API and
> > re/generate keys with API Manager. The generated keys will be saved in the DB, and
> > when other users (dev, qa, devops) log in, they can only see the generated keys.
> > We will also disable SSO, and no buttons will be available in the UI to go
> > to API Manager for these user roles.
>
> If SSO is disabled (API store), how is the AppOwner going to log in and
> subscribe to the API (manually entering the credentials again)?
>
> > Feel free to share your feedback.
> >
> > --
> > Thanks and Regards,
> >
> > Punnadi Gunarathna
> > Senior Software Engineer, WSO2, Inc.; http://wso2.com
> > email: [email protected]
> >
> > _______________________________________________
> > Architecture mailing list
> > [email protected]
> > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
> --
> ajanthan
> --
> Ajanthan Balachandiran
> Senior Software Engineer;
> Solutions Technologies Team; WSO2, Inc.; http://wso2.com/
>
> email: [email protected]; cell: +94775581497
> blog: http://bkayts.blogspot.com/
>
> Lean . Enterprise . Middleware
