Will be back on 2nd.. better after that...

Thanks & regards,
-Prabath

On Fri, Jul 26, 2013 at 3:43 PM, Sumedha Rubasinghe <[email protected]> wrote:
> +1. will schedule next week?
>
> On Fri, Jul 26, 2013 at 3:39 PM, Prabath Siriwardena <[email protected]> wrote:
>> Can we please arrange a design review for this. We discussed an
>> Application concept in IS and we need to see how all these integrate
>> together..
>>
>> Thanks & regards,
>> -Prabath
>>
>> On Fri, Jul 26, 2013 at 3:34 PM, Vijayaratha Vijayasingam <[email protected]> wrote:
>>> Hi all;
>>>
>>> *Our requirement*
>>> Currently we restrict the API to a particular user role. This is done
>>> by setting resource permissions at the registry level. So, when a user logs in
>>> to the API Store, based on his role that API will be visible to him. But,
>>> with the available feature, we cannot restrict the API resources or HTTP
>>> verbs for a role.
>>>
>>> The requirement is, depending on the user's role, we need to control API
>>> resources/HTTP verbs when the API is available to a particular subscriber.
>>> eg:
>>>
>>> 1) We publish an API called UserAPI with context /user/customers/v1.
>>> UserAPI contains other APIs (resources) under it; for example /alert and
>>> /register. As external developers are subscribing at the /user/customers/v1
>>> level, they get all the "resources" under this context. However, at runtime
>>> the user may want only some subscribers to be able to call the /register resource,
>>> based on the subscriber's role. (Resource level access)
>>>
>>> 2) HTTP verb level access: for a single resource, some users need
>>> only browse (GET) permission, others want write (PUT) permission.
>>>
>>> *Ways to achieve*
>>>
>>> 1) We could use an XACML policy based on the role.
>>> 2) Defining an OAuth scope at resource/verb level.
>>>
>>> In the 2nd method, we may have different access tokens for a single API.
>>> We, by default, have 'production' and 'sandbox' scopes for tokens. If we define
>>> more scopes, we might need more access tokens to be issued for an API, and
>>> allowing active tokens at a given time has to be considered. And also
>>> throttling will be a major consideration.
>>>
>>> How should we approach the above requirement?
>>>
>>> Thoughts are welcome..
>>>
>>> Thanks
>>> --
>>> -Ratha
>>> mobile: (+94)755906608
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> Mobile : +94 71 809 6732
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>
> --
> /sumedha
> b : bit.ly/sumedha

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com
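The second option Ratha describes (an OAuth scope per resource/verb, with scopes granted according to the user's roles) is sketched below as an added example. It is not WSO2 code and not part of the original thread: the scope names, the role-to-scope binding, the `/alert` and `/register` verb table and the token structure are all assumptions made for illustration. The point it demonstrates is that a single token can carry several scopes, so resource- and verb-level control does not by itself require one token per scope, and that the gateway check should fail closed on any resource or verb the API definition does not list.

```python
"""Scope-based resource/verb authorization at an API gateway (constructed example).

Assumed model:
  * each (resource, HTTP verb) pair of the API is bound to one required scope;
  * each user role is bound to the set of scopes it may be granted;
  * at token issuance the requested scopes are down-scoped to what the
    user's roles permit, and all granted scopes travel in ONE token;
  * at request time the gateway looks up the required scope and checks
    that the token carries it.
"""
from dataclasses import dataclass

# Hypothetical API definition for the thread's UserAPI (names are assumptions).
API_DEFINITION = {
    "context": "/user/customers/v1",
    "resources": {
        ("/alert", "GET"): "alert_read",          # browse permission
        ("/alert", "PUT"): "alert_write",         # write permission
        ("/register", "POST"): "customer_register",
    },
}

# Hypothetical role -> grantable scopes binding (an assumption, not WSO2's scheme).
ROLE_SCOPES = {
    "customer_admin": {"alert_read", "alert_write", "customer_register"},
    "customer_viewer": {"alert_read"},
}


@dataclass(frozen=True)
class AccessToken:
    subject: str
    scopes: frozenset
    # The existing production/sandbox distinction stays orthogonal to scopes:
    # one token per (application, key type), any number of scopes inside it.
    key_type: str = "PRODUCTION"


def issue_token(subject, roles, requested_scopes, key_type="PRODUCTION"):
    """Grant only those requested scopes that the user's roles permit (down-scoping).

    Unknown roles contribute nothing, so a user with no recognised role
    receives a token with an empty scope set rather than an error here;
    every request with that token is then refused by authorize().
    """
    permitted = set().union(*(ROLE_SCOPES.get(r, set()) for r in roles))
    granted = frozenset(requested_scopes) & permitted
    return AccessToken(subject, granted, key_type)


def authorize(token, method, path):
    """Return (allowed, reason). Fails closed on anything not in the API definition."""
    context = API_DEFINITION["context"]
    path = path.split("?", 1)[0]                  # ignore the query string
    if path != context and not path.startswith(context + "/"):
        return False, "path outside API context"
    resource = path[len(context):] or "/"
    required = API_DEFINITION["resources"].get((resource, method.upper()))
    if required is None:
        # Verb or resource not defined for this API: deny rather than fall
        # through to the context-level subscription.
        return False, f"{method.upper()} {resource} is not defined for this API"
    if required not in token.scopes:
        return False, f"token lacks required scope '{required}'"
    return True, "ok"


if __name__ == "__main__":
    # Both users request every scope; the viewer only gets what the role allows.
    all_scopes = ["alert_read", "alert_write", "customer_register"]
    viewer = issue_token("alice", ["customer_viewer"], all_scopes)
    admin = issue_token("bob", ["customer_admin"], all_scopes)
    for tok, m, p in [
        (viewer, "GET", "/user/customers/v1/alert"),
        (viewer, "PUT", "/user/customers/v1/alert"),
        (viewer, "POST", "/user/customers/v1/register"),
        (admin, "PUT", "/user/customers/v1/alert"),
        (admin, "DELETE", "/user/customers/v1/alert"),
    ]:
        print(tok.subject, sorted(tok.scopes), m, p, "->", authorize(tok, m, p))
```

With this model the subscriber still subscribes at the `/user/customers/v1` context level; the finer control lives in which scopes the token was granted. Whether a request is throttled is decided separately and is not addressed by the example.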
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
