*Requirement:*
*When the dashboard retrieves data from some REST APIs which are secured,
we require a proper security model in place in order to identify who can
access this dashboard and at which level this should be done. In addition,
how is the dashboard going to communicate with the respective REST API
securely?*
Figure 01: Dashboard Server
Data providers for gadgets need to communicate with the DS securely. In
most cases the data providers are REST APIs. There might also be situations
in which a dashboard gets data from different data providers. From the DS
perspective, there must be an effective way to tackle these security-related
issues to some extent. Referring to figure 1, we have three places where we
can address these issues.
- gadget level
- per-dashboard level
- dashboard server level
What would be the proper place at which we can address security concerns in
a proper manner? If we try to address this at gadget level, it will be too
much granularity, which may prevent acceptable performance of data
retrieval from data providers as well as put too much load on the DS
itself. There are also problems with user authentication and authorization
at this level as well as at the per-dashboard level. Dashboard server level
would be the ideal place at which we can address all those security
concerns in a conventional manner. Any advice and suggestions regarding
this will be greatly appreciated.
Thanks,
Geesara,
--
Geesara Prathap Kulathunga
Software Engineer
WSO2 Inc; http://wso2.com
Mobile : +940772684174
_______________________________________________
Architecture mailing list
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture