Hi,
Please find the UI [1] view of the Secure Vault Tool, which allows
super/tenant to perform all the required CRUD operations to manage Secure
Vault passwords. I named this component the Secure Vault Tool (maybe we can
come up with a proper technical definition). What actually happens
when performing add/edit is that those values will be encrypted; it uses the secure
vault API for the encryption/decryption operations. The encrypted
information can be found in [2].
So if you perform something like the following, as we agreed with secure vault lookup, it
will search the RegistryBaseRepository and the value and performs the
operation. Basically I did implement a caching mechanism where it will do the
encryption of the given message during initialization or during the edit
operations:

    <twitter.config>
        <oauth.consumerSecret>EvTEzc3jj9Z1Kx58ylNfkpnuXYuCeGgKhkVkziYNMs</oauth.consumerSecret>
        <oauth.accessTokenSecret>{vault-lookup('dushan.outh.accessTokenSecret')}</oauth.accessTokenSecret>
        <oauth.accessToken>{vault-lookup('dushan.oauth.accessToken')}</oauth.accessToken>
        <oauth.consumerKey>{vault-lookup('dushan.oauth.consumerKey')}</oauth.consumerKey>
    </twitter.config>

    <twitter.search>
        <search>hotel</search>
    </twitter.search>

Suggestions are welcome. I am planning to do a code review on Monday
(probably) to identify holes and gaps in the current implementation.

[1] Secure Vault Tool
Manage Passwords <https://localhost:9443/carbon/mediation_secure_vault/manageSecureVault.jsp?region=region1&item=secure_vault_list_view>
Help <https://localhost:9443/carbon/mediation_secure_vault/docs/userguide.html>

Secure Vault Password Management (UI view)
Add New Password to encrypt and store

Name                             Value                                        Action
dushan.oauth.accessToken         ******************************************   Edit | Delete
dushan.oauth.consumerKey         ******************************************   Edit | Delete
dushan.outh.accessTokenSecret    ******************************************

If you browse the registry, those encrypted values will be shown as below.

[2] Root / _system / config / connector-secure-vault-config
<https://localhost:9443/carbon/resources/resource.jsp?region=region3&item=resource_browser_menu&viewType=std&path=/_system/config/connector-secure-vault-config#>

Properties

Name                             Value                               Action
dushan.oauth.accessToken         [encrypted value, Base64-encoded]   Edit | Delete
dushan.oauth.consumerKey         [encrypted value, Base64-encoded]   Edit | Delete
dushan.outh.accessTokenSecret    [encrypted value, Base64-encoded]   Edit | Delete

On Fri, Jul 26, 2013 at 12:53 AM, Viraj Rajaguru <[email protected]> wrote:
>
>
>
> On Thu, Jul 25, 2013 at 7:17 AM, Samisa Abeysinghe <[email protected]>wrote:
>
>> So, Viraj, we need to take this design into account in the DevS visual
>> tool.
>> Let's come up with the initial mock-up we came up with, and then see how
>> to address the names vs not-named cases.
>>
>
> Noted.
>
>>
>>
>> On Thu, Jul 25, 2013 at 7:07 AM, Samisa Abeysinghe <[email protected]>wrote:
>>
>>>
>>>
>>>
>>> On Wed, Jul 24, 2013 at 8:45 PM, Sanjiva Weerawarana
>>> <[email protected]>wrote:
>>>
>>>> One of the lessons I learnt from WSDL is not to force users to define
>>>> and name things unless they need to reuse it. So forcing me to create a
>>>> named config is annoying IMO. I'm +1 for being able to call
>>>> <twitter.config> once and forget about it for the current MC - it has to
>>>> work that way. I think that's enough to handle Samisa's usecase nicely too
>>>> (unless I've misunderstood).
>>>>
>>>> So, +1 for being able to name the config and use it, but -1 on forcing
>>>> that.
>>>>
>>>
>>> That should work.
>>>
>>>
>>>>
>>>> Sanjiva.
>>>>
>>>>
>>>> On Wed, Jul 24, 2013 at 5:24 PM, Kasun Indrasiri <[email protected]>wrote:
>>>>
>>>>>
>>>>> - How about not having twitter.config element and instead we define
>>>>> that as a local entry as mentioned above. Then we only refer them when
>>>>> invoking an operation. (Virtually all operations have 'conf' as an
>>>>> optional
>>>>> parameter and if not specified it will use the existing values from the
>>>>> context)
>>>>>
>>>>> <twitter.updateStatus conf="sanjiva_twitter_conf">Hello, World (from Sanjiva)</twitter.updateStatus>
>>>>> <twitter.updateStatus>Hello, World 2 (from Sanjiva)</twitter.updateStatus> <!-- Still use the same credentials -->
>>>>>
>>>>> <twitter.updateStatus conf="samisa_twitter_conf">Hello, World (from Samisa)</twitter.updateStatus>
>>>>>
>>>>>
>>>>> On Wed, Jul 24, 2013 at 4:51 PM, Sanjiva Weerawarana <[email protected]
>>>>> > wrote:
>>>>>
>>>>>> On Wed, Jul 24, 2013 at 4:14 PM, Samisa Abeysinghe
>>>>>> <[email protected]>wrote:
>>>>>>
>>>>>>> OK, so, it should be at proxy level. If there are two twitter
>>>>>>> connectors for a proxy, they will be defined as twitterYou and twitterMe
>>>>>>> within the proxy scope. And we can re-use them in sequences as we wish.
>>>>>>>
>>>>>>
>>>>>> I don't think I understand what that means ... connector "instances"
>>>>>> are not named - so what does twitterYou and twitterMe mean when there's no
>>>>>> config separated? If there's no config reference, there's only one config
>>>>>> in scope .. whatever was defined earlier in the sequence. So there's only
>>>>>> one around.
>>>>>>
>>>>>> If you want to do a status update as "you" vs "me" then you'd need to
>>>>>> reenter <twitter.config> with the right creds and then use it (see
>>>>>> below).
>>>>>>
>>>>>> Dushan why are the properties named
>>>>>>>> synapse.runtime.oauth.accessToken?? There are two problems with this:
>>>>>>>> - this has NOTHING to do with Synapse so it's wrong to
>>>>>>>> synapse.runtime.*.
>>>>>>>> - second, MORE IMPORTANTLY, many mediators will have an
>>>>>>>> oauth.accessToken property! So this will not work .. it needs to be
>>>>>>>> twitter.oauth.accessToken (which is what I said the first time IIRC).
>>>>>>>>
>>>>>>>
>>>>>> I made a mistake here .. the property names should be possible to be
>>>>>> arbitrary - otherwise we can't do Samisa's scenario above of tweeting as
>>>>>> X
>>>>>> and tweeting as Y:
>>>>>>
>>>>>> <sequence>
>>>>>>     <!-- tweet as sanjiva -->
>>>>>>     <twitter.config>
>>>>>>         <oauth.consumerSecret>{vault-lookup('sanjiva.twitter.oauth.consumerSecret')}</oauth.consumerSecret>
>>>>>>         <oauth.accessTokenSecret>{vault-lookup('sanjiva.twitter.outh.accessTokenSecret')}</oauth.accessTokenSecret>
>>>>>>         <oauth.accessToken>{vault-lookup('sanjiva.twitter.oauth.accessToken')}</oauth.accessToken>
>>>>>>         <oauth.consumerKey>{vault-lookup('sanjiva.twitter.oauth.consumerKey')}</oauth.consumerKey>
>>>>>>     </twitter.config>
>>>>>>     <twitter.updateStatus>Hello, World (from Sanjiva)</twitter.updateStatus>
>>>>>>
>>>>>>     <!-- tweet as samisa -->
>>>>>>     <twitter.config>
>>>>>>         <oauth.consumerSecret>{vault-lookup('samisa.twitter.oauth.consumerSecret')}</oauth.consumerSecret>
>>>>>>         <oauth.accessTokenSecret>{vault-lookup('samisa.twitter.outh.accessTokenSecret')}</oauth.accessTokenSecret>
>>>>>>         <oauth.accessToken>{vault-lookup('samisa.twitter.oauth.accessToken')}</oauth.accessToken>
>>>>>>         <oauth.consumerKey>{vault-lookup('samisa.twitter.oauth.consumerKey')}</oauth.consumerKey>
>>>>>>     </twitter.config>
>>>>>>     <twitter.updateStatus>Hello, World (from Samisa)</twitter.updateStatus>
>>>>>> </sequence>
>>>>>>
>>>>>> Now someone just has to get the right info into the vault.
>>>>>>
>>>>>> Sanjiva.
>>>>>> --
>>>>>> Sanjiva Weerawarana, Ph.D.
>>>>>> Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/
>>>>>> email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787
>>>>>> 6880 | +1 650 265 8311
>>>>>> blog: http://sanjiva.weerawarana.org/
>>>>>>
>>>>>> Lean . Enterprise . Middleware
>>>>>>
>>>>>> _______________________________________________
>>>>>> Architecture mailing list
>>>>>> [email protected]
>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Kasun Indrasiri
>>>>> Software Architect
>>>>> WSO2, Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> cell: +94 71 536 4128
>>>>> Blog : http://kasunpanorama.blogspot.com/
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> Thanks,
>>> Samisa...
>>>
>>> Samisa Abeysinghe
>>> VP Engineering
>>> WSO2 Inc.
>>> http://wso2.com
>>> http://wso2.org
>>>
>>
>>
>>
>>
>
>
>
> --
> Viraj Rajaguru
> Software Engineer
> WSO2 Inc. : http://wso2.com
>
> Mobile: +94 77 3683068
>
>
>
>
>
>
--
Dushan Abeyruwan
Associate Tech Lead
*Integration Technologies Team*
*WSO2 Inc. http://wso2.com/*
*Mobile:(+94)714408632*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
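
An added example, not part of the original thread and not WSO2 code: a lint check that walks a connector configuration like the ones discussed above and reports credential elements that hold a literal value instead of a `{vault-lookup('...')}` expression, or that refer to an alias missing from the vault listing. The function name, the tag heuristic and the sample input (including the literal placeholder) are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Whole-value match for the lookup syntax used in this thread.
LOOKUP = re.compile(r"^\{vault-lookup\('([^']+)'\)\}$")
# Assumption: leaf elements whose tag contains one of these words hold credentials.
CREDENTIAL_TAG = re.compile(r"secret|token|password|key", re.IGNORECASE)


def audit_config(xml_text, vault_aliases):
    """Return (tag, issue, detail) tuples for credential elements that are
    not backed by a vault entry. Literal values are never echoed back."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if len(el) > 0 or not CREDENTIAL_TAG.search(el.tag):
            continue  # container element, or not a credential field
        match = LOOKUP.match((el.text or "").strip())
        if match is None:
            findings.append((el.tag, "plaintext", "literal value, not a vault-lookup"))
        elif match.group(1) not in vault_aliases:
            findings.append((el.tag, "unknown-alias", match.group(1)))
    return findings


# Constructed sample: one literal secret and one alias that is not in the vault.
SAMPLE = """<sequence>
  <twitter.config>
    <oauth.consumerSecret>CONSTRUCTED-PLAINTEXT-VALUE</oauth.consumerSecret>
    <oauth.accessTokenSecret>{vault-lookup('dushan.outh.accessTokenSecret')}</oauth.accessTokenSecret>
    <oauth.accessToken>{vault-lookup('dushan.oauth.accessToken')}</oauth.accessToken>
    <oauth.consumerKey>{vault-lookup('dushan.oauth.consumerKey')}</oauth.consumerKey>
  </twitter.config>
  <twitter.config>
    <oauth.accessToken>{vault-lookup('samisa.twitter.oauth.accessToken')}</oauth.accessToken>
  </twitter.config>
  <twitter.search><search>hotel</search></twitter.search>
</sequence>"""

# Aliases as they appear in the Secure Vault listing [1].
VAULT_ALIASES = {
    "dushan.oauth.accessToken",
    "dushan.oauth.consumerKey",
    "dushan.outh.accessTokenSecret",
}

if __name__ == "__main__":
    for tag, issue, detail in audit_config(SAMPLE, VAULT_ALIASES):
        print(f"{issue:14} {tag:26} {detail}")
```
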