Since gadgets are deployed as an artifact, shouldn't this information
be defined at the Gadget level?

Have we thought about what kind of technologies we will support for
security? For example, maybe we can support data retrieval using an OAuth
token in addition to basic auth over HTTPS.

--Srinath


On Thu, Apr 28, 2016 at 1:00 AM, Geesara Prathap <[email protected]> wrote:

> *Requirement:*
> *When the dashboard retrieves data from REST APIs which are secured, we
> require a proper security model in place in order to identify who can
> access this dashboard and at which level it should be done. In addition, how
> is the dashboard going to communicate with the respective REST API securely?*
>
>
>
> Figure 01: Dashboard Server
>
>
> Data providers for gadgets need to communicate with the DS securely. In most
> cases the data providers are REST APIs. There might be a situation
> in which the dashboard gets data from different data providers as well.
> From the DS perspective, there must be an effective way to tackle these
> security-related issues to some extent. Referring to figure 1, we
> have three places where we can address these issues.
>
>    - gadget level
>    - per-dashboard level
>    - dashboard server level
>
> What would be the proper place at which we can address security concerns in a
> proper manner? If we try to address this at the gadget level, it will be too
> much granularity, which may prevent acceptable performance of
> data retrieval from data providers, as well as too much load on the DS
> itself. There are also problems with user authentication and authorization at this
> level as well as at the per-dashboard level. The dashboard server level would be the
> ideal place at which we can address all those security concerns in a
> conventional manner. Any advice and suggestions will be greatly appreciated
> regarding this.
>
> Thanks,
> Geesara,
>
> --
> Geesara Prathap Kulathunga
> Software Engineer
> WSO2 Inc; http://wso2.com
> Mobile : +940772684174
>
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
============================
Srinath Perera, Ph.D.
   http://people.apache.org/~hemapani/
   http://srinathsview.blogspot.com/