On Wed, Aug 17, 2016 at 11:21 AM, Sanjeewa Malalgoda <[email protected]> wrote:
> On Wed, Aug 17, 2016 at 11:14 AM, Bhathiya Jayasekara <[email protected]> wrote:
>
>> Hi Sanjeewa,
>>
>> On Wed, Aug 17, 2016 at 10:39 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>
>>> On Wed, Aug 17, 2016 at 8:56 AM, Harsha Kumara <[email protected]> wrote:
>>>
>>>> On Wed, Aug 17, 2016 at 12:09 AM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On Tue, Aug 16, 2016 at 10:31 PM, Harsha Kumara <[email protected]> wrote:
>>>>>
>>>>>> We can use a role based model to control the visibility of defined
>>>>>> endpoints.
>>>>>
>>>>> But this will be challenging since we don't have a role based access
>>>>> control for APIs in publisher. Actually it does not make sense to have
>>>>> such an access control only for endpoints when APIs are open to all.
>>>>> For example, say endpoint E1 is visible only to Role1, and Role2 can't
>>>>> see that. If someone with Role1 creates an API with E1, all users in
>>>>> Role2 also can see that API, which means they can/should see E1 too.
>>>>> So IMO, first we have to come to a decision whether we implement role
>>>>> based API visibility in publisher or not. Then we can decide how to
>>>>> implement visibility for endpoints.
>>>>
>>>> Yes, currently anyone who can see the APIs in publisher is able to look
>>>> at the defined endpoints in the implementation phase. Since we are only
>>>> giving the option of selecting the endpoint name, users who don't have
>>>> the required role only see the name of it. But again it's not
>>>> consistent. If we are going to support the endpoint visibility based on
>>>> a scheme such as role based, we may need to look at the API visibility
>>>> in publisher as well.
>>>
>>> If we think carefully it's not a new thing. As an example we can consider
>>> tier permissions. Anyone can log in to the API store and create an
>>> application. But only a few specific users will see some tiers and they
>>> can use them for their subscriptions.
>>
>> In this case we control visibility in store side. There we can do that.
>> (We do have even API visibility in store.) But when we talk about
>> endpoints, it's about publisher. And we have a visibility issue to solve
>> there.
>>
>> IIRC, every publisher can see all subscription tiers regardless of the
>> role based visibility we set for them. So the problem is there in
>> publisher.
>
> It's not a problem, that is how we implemented it there (as there was no
> use case for role based visibility control).

Yeah that's correct. I didn't mean there's a problem in tier subscriptions. What I meant was that we already have store side role based visibility for APIs, subscription tiers etc., but we still don't have it in publisher side.

> Even in publisher we can do certain permission checks and show content
> based on the permissions the user is allowed.

Yes technically that may be possible. But does that make sense if you have access to an API but not for its endpoints (like in the example I gave in my 1st reply)?

Thanks,
Bhathiya

> Thanks,
> sanjeewa.
>
>> Thanks,
>> Bhathiya
>>
>>> In the same way we can have endpoints which users can see according to
>>> the roles they are assigned. And if they can see then they can use them.
>>> WDYT?
>>>
>>> Thanks,
>>> sanjeewa.
>>>
>>>>> Thanks,
>>>>> Bhathiya
>>>>>
>>>>>>> Thanks,
>>>>>>> sanjeewa.
>>>>>>>
>>>>>>>>> [1] - http://wso2.com/library/articles/2016/03/article-architecting-a-multi-environment-api-manager-deployment-with-wso2-api-manager/
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Harsha
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Harsha Kumara
>>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>>> Mobile: +94775505618
>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>
>>>>>>>> --
>>>>>>>> *Sanjeewa Malalgoda*
>>>>>>>> WSO2 Inc.
>>>>>>>> Mobile: +94713068779
>>>>>>>> Blog: http://sanjeewamalalgoda.blogspot.com/

--
*Bhathiya Jayasekara*
*Senior Software Engineer,*
*WSO2 inc., http://wso2.com*
*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
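The E1 / Role1 / Role2 case discussed in the thread, worked through as an added example that is not part of the original message and is not WSO2 API Manager code. The classes, function names, API name and backend URL are hypothetical; the model assumes an endpoint or API with no role list is visible to every publisher user.

```python
from dataclasses import dataclass
from typing import Optional

EVERYONE = None  # assumption: no role list means visible to all publisher users


@dataclass(frozen=True)
class Endpoint:
    name: str
    url: str
    visible_to: Optional[frozenset]  # roles allowed to see it, or EVERYONE


@dataclass(frozen=True)
class Api:
    name: str
    endpoint: Endpoint
    visible_to: Optional[frozenset] = EVERYONE


def can_see(visible_to, user_roles):
    """True when the resource is open to all or shares a role with the user."""
    return visible_to is EVERYONE or bool(visible_to & user_roles)


def exposed_roles(api, all_roles):
    """Roles that can open the API although its endpoint is hidden from them."""
    return {r for r in all_roles
            if can_see(api.visible_to, {r})
            and not can_see(api.endpoint.visible_to, {r})}


def publisher_view(api, user_roles):
    """Per-field permission check: the API is shown, but endpoint detail is
    reduced to its name for users who lack a role on the endpoint."""
    if not can_see(api.visible_to, user_roles):
        return None
    ep = api.endpoint
    url = ep.url if can_see(ep.visible_to, user_roles) else "<restricted>"
    return {"api": api.name, "endpoint": ep.name, "url": url}


# Constructed sample data mirroring the example in the thread.
ROLES = {"Role1", "Role2"}
E1 = Endpoint("E1", "https://backend.example.internal/orders",
              frozenset({"Role1"}))
API_OPEN = Api("OrdersAPI", E1)                          # APIs open to all
API_SCOPED = Api("OrdersAPI", E1, frozenset({"Role1"}))  # API matches endpoint

if __name__ == "__main__":
    print("open API leaks E1 to:", exposed_roles(API_OPEN, ROLES))
    print("scoped API leaks E1 to:", exposed_roles(API_SCOPED, ROLES))
    print("Role2 view of open API:", publisher_view(API_OPEN, {"Role2"}))
```

A non-empty result from `exposed_roles` is the inconsistency raised in the thread: either API visibility has to be narrowed to match the endpoint, or the publisher has to apply a field-level check like `publisher_view`.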
