+1. will schedule next week?

On Fri, Jul 26, 2013 at 3:39 PM, Prabath Siriwardena <[email protected]> wrote:

> Can we please arrange a design review for this. We discussed an
> Application concept in IS and we need to see how all these integrate
> together..
>
> Thanks & regards,
> -Prabath
>
> On Fri, Jul 26, 2013 at 3:34 PM, Vijayaratha Vijayasingam <[email protected]> wrote:
>
>> Hi all;
>>
>> *Our requirement*
>> Currently we restrict the API for a particular user role. This is done by
>> setting resource permissions at registry level. So, when a user logs in to
>> the API Store, based on his role that API will be visible to him. But,
>> with the available feature, we cannot restrict the API resources or HTTP
>> verbs for a role.
>>
>> The requirement is, depending on the user's role we need to control API
>> resources/HTTP verbs, when the API is available for a particular subscriber.
>> eg:
>>
>> 1) We publish an API called UserAPI with context /user/customers/v1.
>> UserAPI contains other APIs (resources) under it; for example /alert and
>> /register. As external developers are subscribing at /user/customers/v1
>> level, they get all the "resources" under this context. However at runtime
>> user may want only some subscribers to be able to call /register resource;
>> based on subscriber's role. (Resource level access)
>>
>> 2) HTTP verb level access, for a single resource, some users need to
>> access only browse (GET) permission, others want write (PUT) permission.
>>
>> *Ways to achieve*
>>
>> 1) We could use XACML policy based on the role.
>> 2) Defining an OAuth scope for resource/verb level.
>>
>> In the 2nd method, we may have different access tokens for a single API.
>> We, by default, have 'production', 'sandbox' scopes for tokens. If we define
>> more scopes, we might need more access tokens to be issued for an API, and
>> allowing active tokens at a given time has to be considered. And also
>> throttling will be a major consideration.
>>
>> How should we approach the above requirement?
>>
>> Thoughts are welcome..
>>
>> Thanks
>> --
>> -Ratha
>> mobile: (+94)755906608
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com

--
/sumedha
b : bit.ly/sumedha
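An added illustration (not code from this thread or from WSO2) of the second approach Ratha lists: one OAuth scope per resource/verb pair under the UserAPI context, scopes issued according to the subscriber's role, and a gateway check that maps each request to its required scope. The scope names, role names and the verbs allowed on /alert are assumptions.

```python
# Constructed model of "one OAuth scope per (resource, verb)" for the API
# /user/customers/v1 with resources /alert and /register from the thread.
# Scope names, role names and the /alert verbs are assumptions.

API_CONTEXT = "/user/customers/v1"

# Scope a call to (resource, HTTP verb) must carry. Assumed naming scheme.
SCOPE_FOR = {
    ("/alert", "GET"): "customers:alert:read",
    ("/register", "GET"): "customers:register:read",
    ("/register", "PUT"): "customers:register:write",
}

# Scopes each subscriber role may be issued. Assumed role names.
ROLE_SCOPES = {
    "basic_subscriber": {"customers:alert:read"},
    "partner": {"customers:alert:read", "customers:register:read"},
    "admin_subscriber": set(SCOPE_FOR.values()),
}


def issue_token(role, requested_scopes):
    """Model the token endpoint: grant only the intersection of what the
    client asked for and what the role permits; unknown or unpermitted
    scopes are silently dropped rather than granted."""
    permitted = ROLE_SCOPES.get(role, set())
    return {"role": role, "scope": set(requested_scopes) & permitted}


def authorize(token, path, verb):
    """Gateway check: derive the resource from the path, look up the scope
    that (resource, verb) requires and compare against the token's scopes.
    Anything outside the context or not in the table is denied by default."""
    if not path.startswith(API_CONTEXT + "/"):
        return False
    resource = path[len(API_CONTEXT):]
    required = SCOPE_FOR.get((resource, verb.upper()))
    if required is None:
        return False
    return required in token["scope"]
```

Because the gateway denies any (resource, verb) pair with no scope entry, adding a new verb to a resource is a deliberate policy change rather than an accidental grant.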
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
