On Mon, Jul 8, 2013 at 12:33 PM, Vijayaratha Vijayasingam <[email protected]> wrote:

> Hi samisa;
> Attached two simple diagrams to explain both use cases..
>
> - In the first approach (diag-1), when subscriber/store admin creates
>   an Application he needs to provide token validity time and it is common to
>   all users.
> - In the second approach (diag-2), when users request for existing
>   applications, we can modify the application token validity period based on
>   some attributes.
>
> These are two approaches to control the Application token valid period in
> a configurable manner at runtime. Currently, we provide a global parameter,
> which is configured in the identity.xml and it is not sufficient, for the
> mentioned reasons in the first post.
>
> As I got to know from sumedha, there is another use case discussed, that
> is, user may need to control the application token valid period based on
> the session time.
>
> We can think these requirements in such a way that, we need to provide a
> configurable option that the ApplicationToken validity time can be
> configured for any combinations? (like throttling requirements)
>

+1, recently we were asked at a client site the possibility of customizing the token expiration time per application. IMO we could have the default in identity.xml and provide the option to override it when creating the App, and give admins the option to invalidate all tokens issued for a particular app ...

> Thanks..
>
> On 6 July 2013 11:51, Hasitha Hiranya <[email protected]> wrote:
>
>> Hi,
>>
>> Let us assume a group of subscribers have subscribed to a
>> particular application in API manager. If there is a theft and if provider
>> is going to minimize the token validation period. Then all the users who
>> have already subscribed to that application are affected.
>>
>> Practically, I suppose it is possible there can be many subscribers per
>> an application.
>> Thus, +1 for second approach.
>>
>> On Sat, Jul 6, 2013 at 7:08 AM, Samisa Abeysinghe <[email protected]> wrote:
>>
>>> Can you please diagram the sequence? It is hard to get this into head with
>>> text alone.
>>>
>>> On Fri, Jul 5, 2013 at 4:30 PM, Vijayaratha Vijayasingam <
>>> [email protected]> wrote:
>>>
>>>> Hi all;
>>>> Currently in the APIManager we provide an option in the identity.xml to
>>>> configure the token validity period. But it is global level one time
>>>> setting.
>>>>
>>>> *Scenario*
>>>>
>>>> If there is any theft in the tokens or publisher Admin may want to
>>>> control the validity period of the token per Application/Per user level,
>>>> based on some conditions, admin needs to configure the token validity
>>>> period.
>>>> Currently we don't have that facility in APIManager.
>>>>
>>>> *Approaches*
>>>>
>>>> To provide a flexible token validation configuration parameter;
>>>>
>>>> 1. At the store UI, when store admin/subscriber creates an
>>>>    application, we can ask for validityTime for the token. In this
>>>>    case, again, tokenValidity period is going to be Application level. So,
>>>>    this will affect all users who are subscribed to that application.
>>>>    (Let's say, this as "ApplicationToken Validity period")
>>>> 2. At the store front, if we consider per user level validity
>>>>    period for an Application (Let's say, this as Usertoken validity
>>>>    period for Application), would be a better solution?
>>>>
>>>> How can we approach this token validity configuration ?
>>>>
>>>> Any thoughts/ideas are welcome..
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> -Ratha
>>>> mobile: (+94)755906608
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>> --
>>>
>>> Thanks,
>>> Samisa...
>>>
>>> Samisa Abeysinghe
>>> VP Engineering
>>> WSO2 Inc.
>>> http://wso2.com
>>> http://wso2.org
>>
>> --
>> *Hasitha Abeykoon*
>> Software Engineer; WSO2, Inc.; http://wso2.com
>> *cell:* *+94 719363063*
>> *blog:* abeykoon.blogspot.com <http://abeykoon.blogspot.com>
>
> --
> -Ratha
> mobile: (+94)755906608

--
Thanks,
Shariq.
Phone: +94 777 202 225
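
The options discussed in this thread (global default, application-level override, per-user override, and admin invalidation of all tokens for one application), as an added sketch that is not part of the original messages and is not WSO2 API Manager code. All names and values are hypothetical, and computing expiry at validation time is an assumption made so that a shortened period also applies to tokens already issued.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical names throughout; this value stands in for the global identity.xml default.
GLOBAL_DEFAULT_VALIDITY = 3600  # seconds (assumed value)

@dataclass
class Application:
    name: str
    validity: Optional[int] = None  # application-level override (first approach)
    user_validity: Dict[str, int] = field(default_factory=dict)  # per-user override (second approach)
    not_before: float = float("-inf")  # tokens issued at or before this instant are rejected

@dataclass(frozen=True)
class Token:
    app: str
    user: str
    issued_at: float

def effective_validity(app: Application, user: str) -> int:
    """Most specific setting wins: per-user, then per-application, then global."""
    if user in app.user_validity:
        return app.user_validity[user]
    return app.validity if app.validity is not None else GLOBAL_DEFAULT_VALIDITY

def is_valid(token: Token, app: Application, now: float) -> bool:
    """Expiry is computed at validation time, so a shortened period also
    applies to tokens that are already issued (design assumption)."""
    if token.app != app.name or token.issued_at <= app.not_before:
        return False
    return 0 <= now - token.issued_at < effective_validity(app, token.user)

def invalidate_all(app: Application, now: float) -> None:
    """Admin action: reject every token issued for this application so far."""
    app.not_before = max(app.not_before, now)

def demo() -> Dict[str, bool]:
    # Constructed scenario: two subscribers of one application; alice's token is stolen.
    app = Application("weather-app", validity=7200)
    alice, bob = Token(app.name, "alice", 1000.0), Token(app.name, "bob", 1000.0)
    app.user_validity["alice"] = 300  # shorten only alice's period
    out = {"alice_after_cut": is_valid(alice, app, 1600.0),
           "bob_after_cut": is_valid(bob, app, 1600.0)}
    invalidate_all(app, 2000.0)  # admin rejects everything issued so far
    out["bob_after_invalidate"] = is_valid(bob, app, 2100.0)
    out["bob_reissued"] = is_valid(Token(app.name, "bob", 2050.0), app, 2100.0)
    return out

if __name__ == "__main__":
    print(demo())
```

The per-user cut expires only alice's token, while the application-wide invalidation rejects bob's old token and still accepts one issued after the cut-off.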
