Hi Prabath, You're referring to supporting the OAuth Mac Token profile for inbound security right? What we're trying to do here is invoking a secured back-end over Digest Auth.
In this case the API Gateway is the client. Therefore the user actually resides on the User Store of the back-end service. And the username/password pair is provided to the API on API Manager at the time of defining the Endpoint of the API. Thanks, NuwanD. On Thu, Sep 3, 2015 at 9:56 AM, Tharika Madurapperuma <[email protected]> wrote: > Hi Roshan, > > Yes we can allow the users to have any QOP method instead of > only 'auth'. > > Tharika Madurapperuma > Software Engineering Intern > WSO2 > Mobile : +94777-875-624 > > On Wed, Sep 2, 2015 at 10:18 PM, Roshan Wijesena <[email protected]> wrote: > >> Hi Tharika, >> >> +1, Nicely explained. I have only one comment, >> >> On Wed, Sep 2, 2015 at 9:57 AM, Tharika Madurapperuma <[email protected]> >> wrote: >> >>> The *qop*(Quality Of Protection) can be one of auth, auth-int etc. and >>> has influence on how the hash is created. We use auth here. >>> >> >> I think it is better if we can allowed users (API developers) to use >> any *qop* method as per their wish, I meant we should not strict only to >> '*auth*' method here. >> >> -Roshan. >> >> -- >> Roshan Wijesena. >> Senior Software Engineer-WSO2 Inc. >> Mobile: *+94719154640 <%2B94719154640>* >> Email: [email protected] >> *WSO2, Inc. :** wso2.com <http://wso2.com/>* >> lean.enterprise.middleware. >> > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Nuwan Dias Technical Lead - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
