Hi Azeez,
On Fri, Aug 16, 2013 at 11:16 AM, Afkham Azeez <[email protected]> wrote: > If the tenant somehow manages to override the behavior of the "admin" > services in their spaces, can it cause any adverse effects to other tenants > or the system? Will that cause them to override the default policies > enforced in the system? > > I don't see that happening because we are talking about services within a tenant, perhaps I am missing a point. thanks, dimuthu > Azeez > > > On Wed, Aug 14, 2013 at 9:26 AM, Dimuthu Leelarathne <[email protected]>wrote: > >> Hi, >> >> AF BPELs are running in the super tenant space. Now the question is, >> whether BPEL should invoke admin services deployed in respective tenant >> space or super tenant space. >> >> Here is sample of the admin services [1] From that we can see that some >> admin services should be in super tenant space and others in respective >> tenant space. >> >> So now comes the question, how can a BPEL running in admin space invoke >> an admin service in tenant space? >> >> Here is the answer that can be seen so far. >> >> 1 - Write the mutual auth authenticator for carbon framework. This would >> check whether the call is coming over a 2 way SSL connection and let the >> user through. The authorization happen as the real user. This is discussed >> in the mail thread titled "Multi-tenant AF user model" architecture@ >> 2 - Extend the UnifiedEndPoint handler to inject the invoking person's >> name in to a header (SOAP or HTTP) >> >> And another separate point, the admin services marked in yellow should >> have an explicit permission check before performing any action to check >> whether the user has permission to do particular action for the application. >> >> WDYT? >> >> thanks, >> dimuthu >> >> >> >> >> -- >> Dimuthu Leelarathne >> Architect & Product Lead of App Factory >> >> WSO2, Inc. (http://wso2.com) >> email: [email protected] >> Mobile : 0773661935 >> >> Lean . Enterprise . Middleware >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > > * > * > *Lean . Enterprise . Middleware* > -- Dimuthu Leelarathne Architect & Product Lead of App Factory WSO2, Inc. (http://wso2.com) email: [email protected] Mobile : 0773661935 Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
