Hi Nuwan,

On Wed, Mar 2, 2016 at 2:32 PM, Nuwan Dias <[email protected]> wrote:

> Yes, having a dedicated permissions string would be best IMO. Can we
> finalize on a permissions string for this?
>
> @IS Team, what is the plan of applying the Dynamic Client Registration PR
> to the release branch? We need to make a decision whether we're going to
> use this one or the one we have locally at the moment to proceed. Also, we
> need to decide where to provide feature enhancements as the one being
> discussed on this thread.
>

Tharika didn't have enough time to complete the feature. She was only
assigned for two weeks, in that also last 3 days she was involved in an APIM
support issue. She did port the EMM implementation and got it working with
IS. However there were a lot of improvements identified in code review, which
was held in her last week. So I believe we need someone to complete this
off until such time we can't add it to the release.

Currently there is an effort going on in IS team to separate the
identity-framework and connectors. DCR also will be a connector, so if this
is completed at some point we will be able to install this as a connector
to a released product even.

[1] Updated Invitation: [Code Review][IS] OAuth 2.0 Dynamic Client Registration
@ Tue Feb 9, 2016 11:30am - 12:30pm ([email protected])

Thanks,
Johann.


> Thanks,
> NuwanD.
>
> On Tue, Mar 1, 2016 at 6:28 PM, Malintha Amarasinghe <[email protected]>
> wrote:
>
>> Hi Darshana,
>>
>> Thanks for the quick response.  I will go through the link.
>>
>> Thanks,
>> Malintha
>> On Mar 1, 2016 5:09 PM, "Darshana Gunawardana" <[email protected]> wrote:
>>
>>> Hi Malintha,
>>>
>>> Yes, the better option is to create new permissions for DCR, rather
>>> than reusing already defined permissions. You can refer to [1] to see how
>>> the recently developed IS workflow component defined its permission model
>>> and its hierarchy.
>>>
>>> [1]
>>> http://cdwijayarathna.blogspot.com/2016/01/permission-model-of-wso2-is-workflow.html
>>>
>>> Thanks,
>>>
>>> On Tue, Mar 1, 2016 at 6:20 AM, Malintha Amarasinghe <[email protected]
>>> > wrote:
>>>
>>>> Hi All,
>>>>
>>>> Currently the Dynamic Client Registration (DCR) module in API Manager [1]
>>>> allows creating OAuth applications irrespective of user permissions. That
>>>> might lead to problems as any user can directly create Apps which might be
>>>> unusable and they can flood the system too.
>>>>
>>>> Currently in API Manager we have the following permissions defined.
>>>>
>>>> /permission/admin/manage/api/create
>>>> /permission/admin/manage/api/publish
>>>> /permission/admin/manage/api/subscribe
>>>>
>>>> We initially thought of letting a user create OAuth apps through DCR
>>>> only if the user has any of the above permissions. But it then allows *ALL*
>>>> creators/subscribers and publishers to create OAuth apps through DCR and we
>>>> cannot restrict that.
>>>>
>>>> Hence, we are suggesting to use a new permission for creating an OAuth
>>>> app using DCR. Then we can specifically choose which user can access DCR.
>>>>
>>>> Please share your thoughts.
>>>>
>>>> PS:
>>>> As per [2] the current DCR module of API Manager will be moved as an IS
>>>> component.
>>>>
>>>> Thanks,
>>>> Malintha
>>>>
>>>> [1]
>>>> https://github.com/wso2/carbon-apimgt/tree/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.dcr/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web
>>>> [2] https://github.com/wso2/carbon-identity/pull/1712/files
>>>>
>>>> --
>>>> Malintha Amarasinghe
>>>> Software Engineer
>>>> *WSO2, Inc. - lean | enterprise | middleware*
>>>> http://wso2.com/
>>>>
>>>> Mobile : +94 712383306
>>>>
>>>
>>>
>>>
>>> --
>>> Regards,
>>>
>>>
>>> *Darshana Gunawardana*
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>>
>>> *E-mail: [email protected]*
>>> *Mobile: +94718566859*
>>> Lean . Enterprise . Middleware
>>>
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Nuwan Dias
>
> Technical Lead - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com*
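
The two gating options weighed in this thread, as an added example that is not part of the original e-mails or of WSO2's code: it compares "any existing API permission" against a dedicated DCR permission over a few constructed users. The class and method names are hypothetical, the DCR permission string is a placeholder because the thread had not agreed on one, and the ancestor-covers-descendant matching is a simplified model of a hierarchical permission tree, not the Carbon authorization API.

```java
import java.util.*;

public class DcrPermissionCheck {
    // Existing API Manager permissions quoted in the thread.
    static final List<String> API_PERMISSIONS = List.of(
        "/permission/admin/manage/api/create",
        "/permission/admin/manage/api/publish",
        "/permission/admin/manage/api/subscribe");
    // Placeholder (assumption): the dedicated permission string was not yet decided.
    static final String DCR_PERMISSION = "/permission/admin/manage/<dcr-permission-placeholder>";

    // A grant covers a required permission if it is that node or one of its ancestors.
    // Matching on whole path segments keeps ".../api/create" from covering ".../api/created".
    static boolean covers(String granted, String required) {
        return required.equals(granted) || required.startsWith(granted + "/");
    }

    static boolean hasPermission(Set<String> grants, String required) {
        return grants.stream().anyMatch(g -> covers(g, required));
    }

    // Option first considered: any one of the existing API permissions is enough.
    static boolean mayRegisterViaExisting(Set<String> grants) {
        return API_PERMISSIONS.stream().anyMatch(p -> hasPermission(grants, p));
    }

    // Option proposed: only the dedicated DCR permission (or an ancestor) is accepted.
    static boolean mayRegisterViaDedicated(Set<String> grants) {
        return hasPermission(grants, DCR_PERMISSION);
    }

    public static void main(String[] args) {
        // Constructed users and grants, for illustration only.
        Map<String, Set<String>> users = new LinkedHashMap<>();
        users.put("subscriber", Set.of("/permission/admin/manage/api/subscribe"));
        users.put("publisher", Set.of("/permission/admin/manage/api/publish"));
        users.put("dcr-client", Set.of(DCR_PERMISSION));
        users.put("manager", Set.of("/permission/admin/manage"));
        users.put("nobody", Set.of());
        // With the first option every subscriber and publisher can register clients;
        // with the dedicated permission only users granted it (or an ancestor) can.
        users.forEach((name, grants) -> System.out.printf(
            "%-11s existing=%-5b dedicated=%b%n",
            name, mayRegisterViaExisting(grants), mayRegisterViaDedicated(grants)));
    }
}
```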