So will getting a list of users for a role (in IS) be an admin or user task?

On Wed, May 4, 2016 at 11:42 AM, Hasitha Aravinda <[email protected]> wrote:

> Hi Manu,
>
> In my point of view, we have to decide it based on what the API does and
> who the actual users involved are.
>
> In BPS, we have two sets of users: workflow participants and admin
> user/devOps of the BPS. Based on these users we can categorize BPS APIs
> into two sets.
>
> - Admin APIs : There are a few APIs, like the artifact deployer API,
>   accessed only by administrators of the server or devOps.
>
> - User APIs : BPMN Rest API and HumanTask API are user APIs, because
>   these APIs are only accessed by participants of processes and user
>   tasks. But we can argue some of the operations are admin operations,
>   but those are business admin operations. These resources/operations
>   need to be authorized using an ACL, based on current user and his role
>   in workflow or user-task.
>
> For example in HumanTask [1], we have several roles i.e. Business
> Administrator, Potential Owners, Excluded Owners, Stakeholders etc. Based
> on current user and his role in defined task, users are authorized to
> perform an operation.
>
> IMO having clear separations between User API and Admin API may be
> important when securing these APIs separately.
>
> [1] - http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cs-01.html#_Toc261430341
>
> Thanks,
> Hasitha.
>
> On Wed, May 4, 2016 at 7:55 PM, Manuranga Perera <[email protected]> wrote:
>
>> How do we define an admin vs non-admin API?
>> Is getting list of users different from getting the list of processes?
>>
>> A customer written UI may have to call both. We can argue that some
>> things are 100% admin eg: shutdown server. But to me this seems like an
>> arbitrary decision.
>>
>> On Wed, May 4, 2016 at 12:14 AM, Hasitha Aravinda <[email protected]>
>> wrote:
>>
>>> Another thing, we need to consider exposing different ports for user
>>> APIs and Admin APIs to have a clear separation. In C4 all user and admin
>>> APIs are exposed in 9443 and 9763. AFAIK this is not supported in current
>>> MSF4J OSGi version.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, May 4, 2016 at 9:26 AM, Nandika Jayawardana <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> In all the carbon platform versions up to now, we used 9443, and 9763
>>>> ports for admin services for all server products. Are we going to use
>>>> the same ports for C5?
>>>>
>>>> Regards
>>>> Nandika
>>>>
>>>> --
>>>> Nandika Jayawardana
>>>> WSO2 Inc ; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> [email protected]
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: [email protected]
>>> Mobile : +94 718 210 200
>>
>> --
>> With regards,
>> *Manu*ranga Perera.
>>
>> phone : 071 7 70 20 50
>> mail : [email protected]
>
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: [email protected]
> Mobile : +94 718 210 200

--
With regards,
*Manu*ranga Perera.

phone : 071 7 70 20 50
mail : [email protected]
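The admin/user split discussed in this thread, sketched as an added example that is not part of the thread and is not WSO2 code: admin operations are decided by a server-level role, while user-API operations are decided by the caller's role in the specific task. The role names follow the HumanTask roles named in the thread; the operation names, the ACL table and the sample users are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed policy for illustration only; a real deployment derives it
# from the WS-HumanTask specification and its own requirements.
ADMIN_OPERATIONS = {"deploy_artifact"}            # admin API
TASK_ACL = {                                      # user API
    "claim": {"potential_owner", "business_administrator"},
    "complete": {"actual_owner"},
    "get_details": {"actual_owner", "potential_owner",
                    "business_administrator", "stakeholder"},
}

@dataclass
class Task:
    potential_owners: set = field(default_factory=set)
    excluded_owners: set = field(default_factory=set)
    business_administrators: set = field(default_factory=set)
    stakeholders: set = field(default_factory=set)
    actual_owner: Optional[str] = None

def roles_in_task(task, user):
    """Roles the user holds in this one task instance."""
    roles = set()
    if user in task.business_administrators:
        roles.add("business_administrator")
    if user in task.stakeholders:
        roles.add("stakeholder")
    if user == task.actual_owner:
        roles.add("actual_owner")
    # Exclusion wins over membership in the potential owners list.
    if user in task.potential_owners and user not in task.excluded_owners:
        roles.add("potential_owner")
    return roles

def authorize(user, server_roles, operation, task=None):
    """Default-deny check covering both API classes."""
    if operation in ADMIN_OPERATIONS:
        return "admin" in server_roles            # server-level role only
    allowed = TASK_ACL.get(operation)
    if allowed is None or task is None:
        return False                              # unknown operation or no task
    return bool(roles_in_task(task, user) & allowed)

# Constructed sample task
SAMPLE = Task(potential_owners={"alice", "bob"}, excluded_owners={"bob"},
              business_administrators={"carol"}, stakeholders={"dave"})
```

In this sketch a server administrator gets no access to a task unless the task itself lists them, and a business administrator of a task gets no access to the admin API.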
