Yes, and Ann can also generate a token and share it with Smith, to send with his requests.

Also, IMO most Dashboard requests would come from a browser (in a phone or PC), not from a simple device. So storing or locating the token should not be a problem.

On Fri, Mar 18, 2016 at 3:21 PM, Chathura Ekanayake <[email protected]> wrote:

>> I think we should go for a token-based approach (e.g. OAuth) to handle
>> these scenarios. Following are a few ideas:
>>
>> 1. Using a token (Ann attesting the system user can publish/access
>>    this stream on her behalf), Ann lets the “system user” publish data into
>>    Ann’s account
>
> If a device can store a token, Ann can generate a token with the necessary
> scope (to access Ann's event store) and store the token in the device
> itself. In that case, the device can send the token with each event, so that
> the IoT platform can decide permissions based on the token.
>
>> 1. When we give user Smith access to a gadget, we generate a token,
>>    which he will send when he is accessing the gadget, which the gadget will
>>    send to the DAS backend to get access to the correct tables
>> 2. The same token can be used for API access as well
>> 3. We need to manage the tokens issued to each user so this happens
>>    transparently to the end user as much as possible.

--
============================
Blog: http://srinathsview.blogspot.com
twitter: @srinath_perera
Site: http://people.apache.org/~hemapani/
Photos: http://www.flickr.com/photos/hemapani/
Phone: 0772360902
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
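The scoped-token idea discussed in this thread, as an added example that is not part of the original messages or of any WSO2 code: the owner issues a token limited to one resource and a set of actions, and the backend decides permissions from the token alone. It uses a simple HMAC-signed token rather than OAuth; the key, function names, and resource strings are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed signing key for the demo; a real platform would hold it in a key store.
SIGNING_KEY = b"demo-only-signing-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> str:
    return b64e(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(owner, holder, resource, actions, ttl_s, now=None):
    """Owner (e.g. Ann) delegates `actions` on one `resource` to `holder`."""
    now = time.time() if now is None else now
    claims = {"owner": owner, "holder": holder, "resource": resource,
              "actions": sorted(actions), "exp": int(now + ttl_s)}
    body = b64e(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{sign(body)}"

def authorize(token, resource, action, now=None):
    """Return the owner whose data the request may touch, or None if denied."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        # Verify the signature before trusting anything inside the token.
        if not hmac.compare_digest(sig.encode(), sign(body).encode()):
            return None                      # forged or altered token
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None                          # malformed token
    if now >= claims["exp"]:
        return None                          # expired
    if claims["resource"] != resource or action not in claims["actions"]:
        return None                          # outside the delegated scope
    return claims["owner"]

# Constructed scenario: a device publishes into Ann's stream; Smith reads a gadget.
DEVICE_TOKEN = issue_token("ann", "device-42", "stream:ann/temperature",
                           ["publish"], ttl_s=3600, now=1000)
SMITH_TOKEN = issue_token("ann", "smith", "gadget:ann/temperature-chart",
                          ["read"], ttl_s=600, now=1000)
```

Keeping each token tied to a single resource and action list means a token copied off a device cannot be used to read Ann's other tables, and the expiry bounds how long a leaked token is useful.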
