Hi, Let us assume a group of subscribers have subscribed to a particular application in API manager. If there is a theft and if provider is going to minimize the token validation period. Then all the users who have already subscribed to that application are affected.
Practically, I suppose it is possible there can be many subscribers per an application. Thus, +1 for second approach. On Sat, Jul 6, 2013 at 7:08 AM, Samisa Abeysinghe <[email protected]> wrote: > Can you please diagram the sequence? It is hard to get this into head with > text alone. > > > On Fri, Jul 5, 2013 at 4:30 PM, Vijayaratha Vijayasingam > <[email protected]>wrote: > >> Hi all; >> Currently in the APIManager we provide an option in the identity.xml to >> configure the token validity period. But it is global level one time >> setting. >> >> *Scenario* >> >> If there is any theft in the tokens or publisher Admin may want to >> control the validity period of the token per Application/Per user level, >> based on some conditions, admin needs to configure the token validity >> period. >> Currently we don't have that facility in APIManager. >> >> >> *Approaches* >> >> To provide a flexible token validation configuration parameter; >> >> 1. At the store UI, when store admin/subscriber creates an >> application, we can ask for validityTime for the token. In this case, >> again, tokenValidity period is going to be Application level.So, this will >> affect all users who are subscribed to that application. (Let's say , this >> as "ApplicationToken Validity period") >> 2. At the store front, if we consider per user level validity period >> for an Application( Let's say,this as Usertoken validity period for >> Application), would be a better solution? >> >> >> How can we approach this token validity configuration ? >> >> Any thoughts/ideas are welcome.. >> >> Thanks. >> >> -- >> -Ratha >> mobile: (+94)755906608 >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > > Thanks, > Samisa... > > Samisa Abeysinghe > VP Engineering > WSO2 Inc. > http://wso2.com > http://wso2.org > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Hasitha Abeykoon* Software Engineer; WSO2, Inc.; http://wso2.com *cell:* *+94 719363063* *blog: **abeykoon.blogspot.com* <http://abeykoon.blogspot.com>* * * *
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
