Hi all,

While looking at this [1] we decided that we need an architectural change
to make AF work with API-M.

Problem - API-M doesn't support group subscription. So a group of
developers/owners cannot do a group subscription. So when the AppOwner of
foo-app subscribes to an API, if a developer of foo-app calls the APIM-REST
API to get the list of APIs for foo-app it returns null. Right now AF is
written to call the REST-APIs.

So as a workaround, when an Owner subscribes to an API we will store the
unique identifier of the APIs. And we can show these APIs to the rest of the
developers. There are two holes in the story - users can type the URL of
APIM and go and subscribe. AppOwner can type the URL and go and subscribe.
The latter case is dangerous. There is no way for AF to store the subscribed
API unique-id - what we can do is to do it at login/page load, etc.

Bottom line is we need group subscription to an application.

thanks,
dimuthu


[1] https://wso2.org/jira/browse/APPFAC-1225 - Already subscribed APIs by
an App Owner or a Developer should be visible to the team.


On Sat, Jun 15, 2013 at 10:43 AM, Ushani Balasooriya <[email protected]> wrote:

> Hi Punnadi,
>
> +1 Allowing Subscribe to API only for App Owner and making them visible
> for the team. If that feature is implemented, following issues can be
> resolved at once.
>
> https://wso2.org/jira/browse/APPFAC-1230 - When a user clicks on
> Subscribed to API, user directs to the API Manager, with a different login
> which was already logged in and does not allow to log out
>
> https://wso2.org/jira/browse/APPFAC-1225 - Already subscribed APIs by an
> App Owner or a Developer should be visible to the team.
>
> https://wso2.org/jira/browse/APPFAC-1224 - Subscribe to an API should be
> enabled only for App Owner and Developer. For Dev Ops for Production key
>
> https://wso2.org/jira/browse/APPFAC-1235 - Application sandbox prod user
> tokens, consumer keys should be same for the app owner and developer
>
> Thanks and Regards,
> Ushani
>
>
>
> On Fri, Jun 14, 2013 at 10:30 PM, Isabelle Mauny <[email protected]> wrote:
>
>> +1 - also, only the App owner should be in the subscriber role. SSO needs
>> to work for the AppOwner though.
>>
>> Isabelle.
>> __________________________________________________
>> *Isabelle Mauny*
>> Director, Product Management; WSO2, Inc.;  http://wso2.com/
>>
>> On Jun 14, 2013, at 6:53 PM, Ajanthan Balachandran <[email protected]>
>> wrote:
>>
>>
>>
>>
>> On Fri, Jun 14, 2013 at 10:14 PM, Punnadi Gunarathna <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> We have identified $subject and the scenario is as follows:
>>>
>>> AppOwner creates an Application called "App1" in App Factory.
>>> He logs in to API Manager and subscribes App1 with "API1" and generates
>>> key pairs.
>>> He also invites a few developers for App1.
>>>
>>> Based on the current implementation, any other developer who logs in
>>> to App Factory will not be able to see the previous subscription or already
>>> generated keys and also, since SSO is enabled at API Manager front, they can
>>> subscribe the same application individually again with the API1 and
>>> generate new keys.
>>>
>>> But as per the requirement there should be only a single set of keys
>>> generated for sandbox and production separately for a particular
>>> application (It is true that we can regenerate keys and it is accepted).
>>> But with the above scenario, each person can generate different key sets
>>> for same application and this will be a hassle in terms of usage.
>>>
>>> As we discussed with Sumedha, API Manager currently does not support
>>> group-wise key generation. Therefore we have come up with the strategy below
>>> to prevent each user from creating separate keys for the same application
>>> over and over again.
>>>
>>> That is, only the AppOwner will have the privilege to subscribe to an
>>> API and re/generate keys with API Manager. The generated keys will be saved
>>> in DB and when other users (dev, qa, devops) log in, they can only see the
>>> generated keys. We will also make SSO disabled and no buttons will be
>>> available in UI to go to API Manager for these user roles.
>>>
>> If SSO is disabled (API store), how is the appowner going to log in and
>> subscribe to the API (manually entering the credentials again)?
>>
>>>
>>> Feel free to share your feedback.
>>>
>>> --
>>> Thanks and Regards,
>>>
>>> Punnadi Gunarathna
>>> Senior Software Engineer, WSO2, Inc.; http://wso2.com
>>> email: [email protected]
>>>
>>>  <http://lalajisureshika.blogspot.com/>
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> ajanthan
>> --
>> Ajanthan Balachandiran
>> Senior Software Engineer;
>> Solutions Technologies Team ;WSO2, Inc.;  http://wso2.com/
>>
>> email: ajanthan@wso2.com;
>> cell: +94775581497
>> blog: http://bkayts.blogspot.com/
>>
>> Lean . Enterprise . Middleware
>
>
> --
> *Ushani Balasooriya*
> Software Engineer - QA;
> WSO2 Inc; http://www.wso2.com/.
> Mobile; +94772636796
>
>


-- 
Dimuthu Leelarathne
Architect & Product Lead of App Factory

WSO2, Inc. (http://wso2.com)
email: [email protected]
Mobile : 0773661935

Lean . Enterprise . Middleware