Hi, +1 for OAuth2. Because publisher APIs can be use in mobile devices. Ex -: customer implements mobile app to publish assets
Also need to think about how customer can extend (customize) the security with our extension model. Ex-: Customer writes a extended publisher API and need to give different grant types and roles Also , I think better to maintain one security mechanism, rather than secure some apis with oAuth2 and some apis with Basic Authentication. Thanks On Sun, Oct 19, 2014 at 1:12 PM, Ayesha Dissanayaka <[email protected]> wrote: > Thank you everyone for your valuable inputs. > > @Udara, > These API endpoints are used by ES publisher App itself and will be > invoked by authorized third party as well. In that way we have enabled > accessing ES back office via remote clients as well. > > According to suggestions in this thread having aouth is the best way to > secure the endpoints which are exposed to third party. > > We will decide whether to use basic-aouth/aouth or suppot both, and update > the thread on final outcome. > > Thanks! > - Ayesha > > On Sat, Oct 18, 2014 at 10:27 PM, Udara Liyanage <[email protected]> wrote: > >> Hi, >> >> Having basic oauth with HTTPS is kind of secured as long as no third >> party is invoking the APIs. >> >> >> >> Touched, not typed. Erroneous words are a feature, not a typo. >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Ayesha Dissanayaka* > Software Engineer, > WSO2, Inc : http://wso2.com > <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> > 20, Palmgrove Avenue, Colombo 3 > E-Mail: [email protected] <[email protected]> > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Manoj Gunawardena Tech Lead WSO2, Inc.: http://wso2.com lean.enterprise.middleware Mobile : +94 77 2291643
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
