At some point, we need to cut over to using OAuth-authenticated managed APIs instead of admin services. Would the Human Task engine be a good place to start that effort? We will soon have embedded API management available in every service hosting server .. so that means having an OAuth-authenticated managed API is really trivial plus you get a store of APIs built into every product.
Sanjiva. On Tue, Jul 30, 2013 at 12:14 PM, Hasitha Aravinda <[email protected]> wrote: > As we discussed in HumanTask protocol Implementation, we decided to > implement Humantask engine's protocol handler as an admin service. This > admin service provides an operation to exit a task. The reason behind > implementing this service as an admin service is Exiting a Task should only > be invoked by the Task Parent, the BPEL engine who created the task. > > So in the first cut implementation, we are thinking to authenticate task > parent as follows. > > When server setup, it creates a default user (which is configurable) who > has only permission to exit a task. When the BPEL engine calls the exit > operation, use basic auth to call the admin service. > > Later we are thinking to add support for session/token based > authentication mechanism for this module. > > Thanks, > Hasitha. > > -- > Hasitha Aravinda, > Software Engineer, > WSO2 Inc. > Email: [email protected] > Mobile: +94 71 8 210 200 > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Sanjiva Weerawarana, Ph.D. Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 650 265 8311 blog: http://sanjiva.weerawarana.org/ Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
