Can you please diagram the sequence? It is hard to get this into my head with text alone.
On Fri, Jul 5, 2013 at 4:30 PM, Vijayaratha Vijayasingam <[email protected]> wrote:

> Hi all;
> Currently in the APIManager we provide an option in the identity.xml to
> configure the token validity period. But it is global level one time
> setting.
>
> *Scenario*
>
> If there is any theft in the tokens or publisher Admin may want to control
> the validity period of the token per Application/Per user level, based on
> some conditions, admin needs to configure the token validity period.
> Currently we don't have that facility in APIManager.
>
> *Approaches*
>
> To provide a flexible token validation configuration parameter;
>
> 1. At the store UI, when store admin/subscriber creates an
>    application, we can ask for validityTime for the token. In this case,
>    again, tokenValidity period is going to be Application level. So, this will
>    affect all users who are subscribed to that application. (Let's say, this
>    as "ApplicationToken Validity period")
> 2. At the store front, if we consider per user level validity period
>    for an Application (Let's say, this as Usertoken validity period for
>    Application), would be a better solution?
>
> How can we approach this token validity configuration?
>
> Any thoughts/ideas are welcome..
>
> Thanks.
>
> --
> -Ratha
> mobile: (+94)755906608
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Thanks,
Samisa...

Samisa Abeysinghe
VP Engineering
WSO2 Inc.
http://wso2.com
http://wso2.org
