Hi All,

Below we have described the current implementation and the proposed implementation for device type multi-tenancy.

In CDMF a device type contains the following 3 components:

1) Device type plugin - An OSGi bundle which gets registered to CDMF.
2) Set of JAX-RS applications that can be deployed either as a managed API (this gets published to the API manager) or can be secured through the authentication framework in the Tomcat valve.
3) Set of UI components.

*Current Implementation*

We deploy the device type implementation as a service and this gets registered with the CDMF. When the JAX-RS application is deployed and managed-api is enabled in the web.xml, it will deploy the APIs in the super tenant space and the subscription is set to SHARE_WITH_ALL_TENANTS mode. When the managed-api mode is disabled, the carbon context flow is created for the user in the valve and it will allow all requests to the JAX-RS backend API (no restriction for tenants, which works similarly to SHARE_WITH_ALL_TENANTS mode).

*Requirement*

In device type multi-tenancy a device author from a tenant can decide to share the device type with 3 possible approaches.

- SHARE_WITH_ALL_TENANTS - e.g. Current device type implementation for EMM (Android, iOS, Windows)
- SHARE_WITH_ONLY_CURRENT_TENANTS - e.g. Most probable use case for device cloud. A device type created by a tenant should be in tenant space.
- SHARE_WITH_SPECIFIC_TENANTS - There isn't any direct practical use case, therefore we thought not to have this capability in CDMF.

*Proposed*

Since a device type has a plugin and APIs, we have to solve tenant-specific data separation for the device type and also need to have tenant-specific subscription for the device type API.
Here the JVM does not cater for tenant-specific separation, therefore we need to have a mechanism to identify from which tenant the device type plugin service has been registered. Therefore in the OSGi service we will have two methods as stated below:

    String getProviderTenantDomain();
    boolean isSharedWithAllTenants();

This will be picked up in the CDMF after the device type service is registered. This registration data will be used to store the device type as tenant specific.

In the JAX-RS application, we need to have two fields in the web.xml. This is to capture which tenant the provided webapp is linked to and also whether the APIs are shared with all or not.

    <context-param>
        <param-name>providerTenantDomain</param-name>
        <param-value>true</param-value>
    </context-param>
    <context-param>
        <param-name>isSharedWithAllTenants</param-name>
        <param-value>true</param-value>
    </context-param>

This information will be captured when the JAX-RS application is deployed. In the managed API use case, the API and the subscription will be registered with the above configs. In non-managed API mode, the above information will be grabbed in the authorization framework in the valve and it will allow the request only for the allowed tenant users.

WDYT about the above flow? If there is anything that we have missed then please let us know.

Thanks,
*Ayyoob Hamza*
*Software Engineer*
WSO2 Inc.; http://wso2.com
email: [email protected]
cell: +94 77 1681010
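One way the valve-side tenant check for non-managed API mode described in the proposal could look, as an added example that is not part of the original mail or of CDMF. The class and method names are hypothetical, the tenant domains are constructed placeholders, and only the two context-param names come from the proposal. It assumes tenant domains compare case-insensitively and denies access when the configuration is missing or malformed.

```java
import java.util.Locale;
import java.util.Map;

/** Added example (hypothetical class, not CDMF code): tenant check for non-managed API mode. */
public class DeviceTypeTenantCheck {

    // Context-param names as they appear in the proposal's web.xml.
    static final String PROVIDER_TENANT = "providerTenantDomain";
    static final String SHARED_WITH_ALL = "isSharedWithAllTenants";

    /**
     * Decide whether a request authenticated for requestTenantDomain may reach
     * the device type API described by the webapp's context params.
     * Fails closed: missing or blank values never widen access.
     */
    static boolean isRequestAllowed(Map<String, String> contextParams, String requestTenantDomain) {
        if (requestTenantDomain == null || requestTenantDomain.trim().isEmpty()) {
            return false; // tenant of the caller could not be resolved
        }
        // Only the literal "true" shares the API; absent or malformed means not shared.
        String shared = contextParams.get(SHARED_WITH_ALL);
        if (shared != null && "true".equals(shared.trim().toLowerCase(Locale.ROOT))) {
            return true;
        }
        String provider = contextParams.get(PROVIDER_TENANT);
        if (provider == null || provider.trim().isEmpty()) {
            return false; // no owning tenant declared: deny rather than fall back to shared
        }
        // Assumption: tenant domains are DNS-style names, so compare case-insensitively.
        return provider.trim().equalsIgnoreCase(requestTenantDomain.trim());
    }

    public static void main(String[] args) {
        // Constructed sample configurations; the tenant domains are placeholders.
        Map<String, String> tenantOnly = Map.of(
                PROVIDER_TENANT, "tenant-a.example", SHARED_WITH_ALL, "false");
        Map<String, String> sharedAll = Map.of(
                PROVIDER_TENANT, "tenant-a.example", SHARED_WITH_ALL, "true");
        Map<String, String> misconfigured = Map.of(SHARED_WITH_ALL, "yes");

        System.out.println("owner tenant, tenant-only API: " + isRequestAllowed(tenantOnly, "Tenant-A.example"));
        System.out.println("other tenant, tenant-only API: " + isRequestAllowed(tenantOnly, "tenant-b.example"));
        System.out.println("other tenant, shared API:      " + isRequestAllowed(sharedAll, "tenant-b.example"));
        System.out.println("any tenant, no owner declared: " + isRequestAllowed(misconfigured, "tenant-b.example"));
    }
}
```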
