Hi Chathura, Thanks for the explanation.
On Wed, Apr 29, 2015 at 5:58 AM, Chathura Dilan <[email protected]> wrote: > Hi Prabath, > > In EMM 1.1.0 we could enforce app polices to > 1. roles > 2. users > 3. platforms > > These all are possible with current app manager release. I think enforcing > policies to a role and user is clear. If you want to enforce as an example > install app polices to a platform, from MDM you need to get all the devices > that run on that platform. Then you need to subscribe each user with the > app who has those devices. > > If you want to enforce polices to multiple devices it also possible. But > in App Manager, app is alway subscribed to a user, not to a device. > I guess I do understand that part. Was just checking if we're missing anything that was previously there in EMM 1.1.0 WRT re-locating MAM features in AppManager. We're all good as long as we have everything (and maybe more) that's related to MAM aspects covered in the new face of it, without losing any feature that was previously released as part of EMM 1.1.0. Cheers, Prabath > > > > > > > On Wed, Apr 29, 2015 at 2:06 AM, Prabath Abeysekera <[email protected]> > wrote: > >> >> On Tue, Apr 28, 2015 at 9:28 AM, Chathura Dilan <[email protected]> >> wrote: >> >>> Hi Inosh, >>> >>> We are not storing device info in App Manager. App subscription is only >>> associate with the user. If you subscribe to an app using a device, we >>> consider it as the user who belong that device subscribe to the app. >>> >> >> Does this mean we cannot support enforcing app policies properly upon a >> user who owns multiple different devices, at this point? If that's the >> case, are we not losing any features supported in the previous "EMM >> offering" if we plan to go ahead with this approach and the same was >> available previously? Please correct me if I'm missing something. >> >> Cheers, >> Prabath >> >> >>> On Tue, Apr 28, 2015 at 9:04 AM, Inosh Perera <[email protected]> wrote: >>> >>>> Hi Dilan, >>>> >>>> So, according to currently supported APIs, >>>> subscriptions/unsubscriptions are per user/role, but not per devices is it? >>>> >>>> Regards, >>>> Inosh >>>> >>>> >>>> On Mon, Apr 27, 2015 at 6:04 PM, Chathura Dilan <[email protected]> >>>> wrote: >>>> >>>>> Hi Shan, >>>>> >>>>> Thank you, We can generate a token per request which is expired after >>>>> some time once the download link is accessed. What do you think? >>>>> >>>>> On Mon, Apr 27, 2015 at 5:34 PM, Shanmugarajah Sinnathamby < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Chathura. >>>>>> >>>>>> In Android , the link is invoked by the agent which downloads the app >>>>>> file , the agent takes care of the request. >>>>>> >>>>>> In iOS , the link is sent via the MDM command , which is invoked by >>>>>> the iOS OS itself to download , which is not a direct link to the .app >>>>>> file >>>>>> but a manifest file . The request url can have the token along with the >>>>>> request, but it cannot add any headers programatically. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Mon, Apr 27, 2015 at 5:02 PM, Chathura Dilan <[email protected]> >>>>>> wrote: >>>>>> >>>>>>> Hi Shan, >>>>>>> >>>>>>> They are direct links but secure connections can be used. Some cases >>>>>>> like iOS AFAIK it is not possible to send tokens or security headers >>>>>>> along >>>>>>> with the installation request because it is managed by iOS itself. IMO >>>>>>> providing a direct link will not be a major security issue, since part >>>>>>> of >>>>>>> the link is encrypted. >>>>>>> >>>>>>> So only way to make them more secure will be, generating them as one >>>>>>> time download links. We need to do a proper research on this with real >>>>>>> devices, so this feature will be support from the next version of app >>>>>>> manager if it is possible. >>>>>>> >>>>>>> >>>>>>> On Mon, Apr 27, 2015 at 4:43 PM, Shanmugarajah Sinnathamby < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Hi Dilan, >>>>>>>> >>>>>>>> The device will invoke the url to download the apk file , how do we >>>>>>>> achieve the security . >>>>>>>> Is there any kind of token ? or its its a direct link . >>>>>>>> >>>>>>>> Can we have something like parameters without exposing the direct >>>>>>>> link of the file. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Mon, Apr 27, 2015 at 4:22 PM, Chathura Dilan <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Here are the APIs from app manager to subscribe, unsubscribe >>>>>>>>> application to a given user or a role >>>>>>>>> >>>>>>>>> 1. >>>>>>>>> api/v1/apps/mobile/subscribe/tenant/{tenantDomain}/user/{username} >>>>>>>>> 1. >>>>>>>>> api/v1/apps/mobile/unsubscribe/tenant/{tenantDomain}/user/{username} >>>>>>>>> 1. api/v1/apps/mobile/subscribe/tenant/{tenantDomain}/role/{roleId} >>>>>>>>> 1. >>>>>>>>> api/v1/apps/mobile/unsubscribe/tenant/{tenantDomain}/role/{roleId} >>>>>>>>> >>>>>>>>> You need to send the appId as a form parameter to above APIs >>>>>>>>> additionally and all APIs protected by Basic Auth as we have decided >>>>>>>>> earlier. >>>>>>>>> >>>>>>>>> APIs will return application details if it is successful as follows >>>>>>>>> >>>>>>>>> { >>>>>>>>> platform: "android" >>>>>>>>> iconImage: " >>>>>>>>> http://192.168.1.12:9763/publisher/api/mobileapp/getfile/uwvOc0yZD4lRuFc.png >>>>>>>>> <http://localhost:9763/publisher/api/mobileapp/getfile/uwvOc0yZD4lRuFc.png> >>>>>>>>> " >>>>>>>>> version: "1.5" >>>>>>>>> packageName: "com.antivirusforandroid" >>>>>>>>> identifier: "com.antivirusforandroid" >>>>>>>>> name: "Anti Virus" >>>>>>>>> location: "http:// >>>>>>>>> <http://localhost:9763/publisher/api/mobileapp/getfile/h88Zf6ZyaaGi801.apk> >>>>>>>>> 192.168.1.12 >>>>>>>>> <http://localhost:9763/publisher/api/mobileapp/getfile/uwvOc0yZD4lRuFc.png> >>>>>>>>> :9763/publisher/api/mobileapp/getfile/h88Zf6ZyaaGi801.apk" >>>>>>>>> id: "9a3f2a2c-1ebd-46b0-85e6-4c7da3b28ac9" >>>>>>>>> type: "enterprise" >>>>>>>>> } >>>>>>>>> >>>>>>>>> >>>>>>>>> Note: location details will be only sent with a subscription >>>>>>>>> request. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Apr 23, 2015 at 6:17 PM, Inosh Perera <[email protected]> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> Hi Dilan, >>>>>>>>>> >>>>>>>>>> As per the offline discussion we had, I need the input and >>>>>>>>>> response details for the endpoint exposed from App for, >>>>>>>>>> 1. App install/ uninstall request. >>>>>>>>>> >>>>>>>>>> Also since App manager does not include the second >>>>>>>>>> point described earlier, it is not necessary >>>>>>>>>> 2. When the device responds back with the status of the app >>>>>>>>>> install/uninstall status to MDM, the end point exposed from App >>>>>>>>>> manager to >>>>>>>>>> update the status of the operation. >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> Inosh >>>>>>>>>> >>>>>>>>>> On Mon, Mar 16, 2015 at 12:10 PM, Chathura Dilan < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Inosh, >>>>>>>>>>> >>>>>>>>>>> We need to have an internal discussion regarding finalize the >>>>>>>>>>> app uninstall/uninstall and update, because this should be >>>>>>>>>>> finalized in MDM >>>>>>>>>>> on how to accept request. I have created a component[1] in AppM to >>>>>>>>>>> call MDM >>>>>>>>>>> endpoints assuming there is one endpoint from MDM. We can customize >>>>>>>>>>> it >>>>>>>>>>> according to the MDM requirements. >>>>>>>>>>> >>>>>>>>>>> [1] - >>>>>>>>>>> https://github.com/wso2/carbon-appmgt/blob/feature/mdmintegration/components/appmgt/org.wso2.carbon.appmgt.mobile/src/main/java/org/wso2/carbon/appmgt/mobile/wso2mdm/WSO2MDMOperations.java >>>>>>>>>>> >>>>>>>>>>> On Mon, Mar 16, 2015 at 8:49 AM, Inosh Perera <[email protected]> >>>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Dilan, >>>>>>>>>>>> Could you please tell the necessary inputs and the response >>>>>>>>>>>> from App manager, for >>>>>>>>>>>> 1. App install/ uninstall/ reinstall request. >>>>>>>>>>>> 2. When the device responds back with the status of the app >>>>>>>>>>>> install/uninstall/reinstall status to MDM, the end point exposed >>>>>>>>>>>> from App >>>>>>>>>>>> manager to update the status of the operation. >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> Inosh >>>>>>>>>>>> >>>>>>>>>>>> On Fri, Mar 13, 2015 at 4:44 PM, Chathura Dilan < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi, >>>>>>>>>>>>> >>>>>>>>>>>>> To access devices from MDM, AppM needs an API from MDM to get >>>>>>>>>>>>> list of enabled devices for given username, platform and platform >>>>>>>>>>>>> version >>>>>>>>>>>>> >>>>>>>>>>>>> Sample response from MDM as follows >>>>>>>>>>>>> >>>>>>>>>>>>> [ >>>>>>>>>>>>> { >>>>>>>>>>>>> "id": "12345", >>>>>>>>>>>>> "platform": "android", >>>>>>>>>>>>> "model": "Nexus", >>>>>>>>>>>>> "platform_version": "4", >>>>>>>>>>>>> "name": "My Device 1", >>>>>>>>>>>>> "image": "http://192.168.1.40:9763/device.png";, >>>>>>>>>>>>> "type": "tab" >>>>>>>>>>>>> }, >>>>>>>>>>>>> { >>>>>>>>>>>>> "id": "678", >>>>>>>>>>>>> "platform": "ios", >>>>>>>>>>>>> "model": "iPhone", >>>>>>>>>>>>> "platform_version": "8", >>>>>>>>>>>>> "name": "My iPhone", >>>>>>>>>>>>> "image": "http://192.168.1.40:9763/device2.png";, >>>>>>>>>>>>> "type": "phone" >>>>>>>>>>>>> } >>>>>>>>>>>>> ] >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> >>>>>>>>>>>>> Chatura Dilan Perera >>>>>>>>>>>>> *(Senior Software Engineer** - WSO2 Inc.**)* >>>>>>>>>>>>> www.dilan.me >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Inosh Perera >>>>>>>>>>>> Software Engineer, WSO2 Inc. >>>>>>>>>>>> Tel: 0785293686 >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Regards, >>>>>>>>>>> >>>>>>>>>>> Chatura Dilan Perera >>>>>>>>>>> *(Senior Software Engineer** - WSO2 Inc.**)* >>>>>>>>>>> www.dilan.me >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Inosh Perera >>>>>>>>>> Software Engineer, WSO2 Inc. >>>>>>>>>> Tel: 0785293686 >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Regards, >>>>>>>>> >>>>>>>>> Chatura Dilan Perera >>>>>>>>> *(Senior Software Engineer** - WSO2 Inc.**)* >>>>>>>>> www.dilan.me >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> *Shanmugarajah (Shan)* >>>>>>>> Director, Mobile Architecture, >>>>>>>> WSO2, Inc.; http://wso2.com >>>>>>>> Email: [email protected] >>>>>>>> Mobile : +94777748260 >>>>>>>> Blog: http://shanfour.blogspot.com >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> >>>>>>> Chatura Dilan Perera >>>>>>> *(Senior Software Engineer** - WSO2 Inc.**)* >>>>>>> www.dilan.me >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Shanmugarajah (Shan)* >>>>>> Director, Mobile Architecture, >>>>>> WSO2, Inc.; http://wso2.com >>>>>> Email: [email protected] >>>>>> Mobile : +94777748260 >>>>>> Blog: http://shanfour.blogspot.com >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Regards, >>>>> >>>>> Chatura Dilan Perera >>>>> *(Senior Software Engineer** - WSO2 Inc.**)* >>>>> www.dilan.me >>>>> >>>> >>>> >>>> >>>> -- >>>> Inosh Perera >>>> Software Engineer, WSO2 Inc. >>>> Tel: 0785293686 >>>> >>> >>> >>> >>> -- >>> Regards, >>> >>> Chatura Dilan Perera >>> *(Senior Software Engineer** - WSO2 Inc.**)* >>> www.dilan.me >>> >> >> >> >> -- >> Prabath Abeysekara >> Technical Lead >> WSO2 Inc. >> Email: [email protected] >> Mobile: +94774171471 >> > > > > -- > Regards, > > Chatura Dilan Perera > *(Senior Software Engineer** - WSO2 Inc.**)* > www.dilan.me > -- Prabath Abeysekara Technical Lead WSO2 Inc. Email: [email protected] Mobile: +94774171471
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
![http://192.168.1.40:9763/device.png"](http://192.168.1.40:9763/device.png"){kind=link}
![http://192.168.1.40:9763/device2.png"](http://192.168.1.40:9763/device2.png"){kind=link}