Hi Sanjeewa,

On Wed, Aug 17, 2016 at 11:37 AM, Sanjeewa Malalgoda <[email protected]> wrote:

> It works like this,
> When you go to publisher and develop API you can see certain endpoints
> based on the roles you assigned.
> Then if need you can pick existing endpoint and create API if need.
> Else you can create brand new endpoint and use it for your API. If you
> think this endpoint needs to be shared with your friends then you set
> visibility of that endpoint to role.
> Then users belong to that role can use that endpoint and create API if
> need.
>
> You can only see your APIs

This is exactly what I'm talking about. We don't have this in API manager, do we? If we have this, then role based access control for endpoints is a valid requirement.

Thanks,
Bhathiya

> You can create them only with allowed endpoints. So there is no such thing
> seeing API but not endpoints.
>
> On Wed, Aug 17, 2016 at 11:31 AM, Bhathiya Jayasekara <[email protected]> wrote:
>
>> On Wed, Aug 17, 2016 at 11:21 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>
>>> On Wed, Aug 17, 2016 at 11:14 AM, Bhathiya Jayasekara <[email protected]> wrote:
>>>
>>>> Hi Sanjeewa,
>>>>
>>>> On Wed, Aug 17, 2016 at 10:39 AM, Sanjeewa Malalgoda <[email protected]> wrote:
>>>>
>>>>> On Wed, Aug 17, 2016 at 8:56 AM, Harsha Kumara <[email protected]> wrote:
>>>>>
>>>>>> On Wed, Aug 17, 2016 at 12:09 AM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> On Tue, Aug 16, 2016 at 10:31 PM, Harsha Kumara <[email protected]> wrote:
>>>>>>>
>>>>>>>> We can use a role base model to control the visibility of defined
>>>>>>>> endpoints.
>>>>>>>
>>>>>>> But this will be challenging since we don't have a role based access
>>>>>>> control for APIs in publisher. Actually it does not make sense to have
>>>>>>> such an access control only for endpoints when APIs are open to all. For
>>>>>>> example, say endpoint E1 is visible only to Role1, and Role2 can't see
>>>>>>> that. If someone with Role1 creates an API with E1, all users in Role2
>>>>>>> also can see that API, which means they can/should see E1 too. So IMO,
>>>>>>> first we have to come to a decision whether we implement role based API
>>>>>>> visibility in publisher or not. Then we can decide how to implement
>>>>>>> visibility for endpoints.
>>>>>>
>>>>>> Yes, currently anyone who can see the APIs in publisher is able to look
>>>>>> at the defined endpoints in implementation phase. Since we are only
>>>>>> giving the option of selecting the endpoint name, users who don't have
>>>>>> the required role only see the name of it. But again it's not consistent.
>>>>>> If we are going to support the endpoint visibility based on a scheme such
>>>>>> as role based, we may need to look at the API visibility in publisher as
>>>>>> well.
>>>>>
>>>>> If we think carefully it's not a new thing. As an example we can consider
>>>>> tier permissions. Anyone can log in to API store and create application.
>>>>> But only a few specific users will see some tiers and they can use them
>>>>> for their subscriptions.
>>>>
>>>> In this case we control visibility in store side. There we can do that.
>>>> (We do have even API visibility in store.) But when we talk about
>>>> endpoints, it's about publisher. And we have a visibility issue to solve
>>>> there.
>>>>
>>>> IIRC, every publisher can see all subscription tiers regardless of the
>>>> role based visibility we set for them. So the problem is there in
>>>> publisher.
>>>
>>> It's not a problem, that is how we implemented it there (as there was no
>>> use case for role based visibility control).
>>
>> Yeah that's correct. I didn't mean there's a problem in tier
>> subscriptions. What I meant was that we already have store side role based
>> visibility for APIs, subscription tiers etc., but we still don't have it in
>> publisher side.
>>
>>> Even in publisher we can do certain permission checks and show content
>>> based on permissions user allowed.
>>
>> Yes technically that may be possible. But does that make sense if you
>> have access to an API but not for its endpoints (like in the example I gave
>> in my 1st reply)?
>>
>> Thanks,
>> Bhathiya
>>
>>> Thanks,
>>> sanjeewa.
>>>
>>>> Thanks,
>>>> Bhathiya
>>>>
>>>>> In same way we can have endpoints which users can see according to
>>>>> roles they assigned. And if they can see then they can use them. WDYT?
>>>>>
>>>>> Thanks,
>>>>> sanjeewa.
>>>>>
>>>>>>> Thanks,
>>>>>>> Bhathiya
>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> sanjeewa.
>>>>>>>>>
>>>>>>>>>>> [1] - http://wso2.com/library/articles/2016/03/article-architecting-a-multi-environment-api-manager-deployment-with-wso2-api-manager/
>>>>>>>>>>>
>>>>>>>>>>> Thanks,
>>>>>>>>>>> Harsha
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Harsha Kumara
>>>>>>>>>>> Software Engineer, WSO2 Inc.
>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Sanjeewa Malalgoda
>>>>>>>>>> WSO2 Inc.
>>>>>>>>>> Mobile : +94713068779
>>>>>>>>>> blog: http://sanjeewamalalgoda.blogspot.com/

--
Bhathiya Jayasekara
Senior Software Engineer,
WSO2 inc., http://wso2.com
Phone: +94715478185
LinkedIn: http://www.linkedin.com/in/bhathiyaj
Twitter: https://twitter.com/bhathiyax
Blog: http://movingaheadblog.blogspot.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
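
The inconsistency raised in this thread (endpoint E1 visible only to Role1 while the API built on it is open to all), as an added example that is not part of the original messages and is not WSO2 API Manager code: a small Python model that audits for APIs exposing an endpoint to roles that cannot see it, and a creation-time rule that narrows API visibility to the endpoint's roles. The class and function names, the `*` marker and the API name `OrdersAPI` are assumptions made for illustration.

```python
from dataclasses import dataclass

EVERYONE = "*"  # constructed marker meaning "every publisher role"

@dataclass(frozen=True)
class Endpoint:
    name: str
    visible_to: frozenset  # roles allowed to see and use this endpoint

@dataclass(frozen=True)
class Api:
    name: str
    endpoint: Endpoint
    visible_to: frozenset  # roles allowed to see this API in the publisher

def expand(visible_to, all_roles):
    """Resolve a visibility set to the concrete roles it covers."""
    roles = frozenset(all_roles)
    return roles if EVERYONE in visible_to else visible_to & roles

def create_api(name, creator_roles, endpoint, visible_to, all_roles):
    """Creation-time checks: the creator must be allowed to use the endpoint,
    and the API is never visible to a role that cannot see the endpoint."""
    allowed = expand(endpoint.visible_to, all_roles)
    if not allowed & frozenset(creator_roles):
        raise PermissionError(f"creator may not use endpoint {endpoint.name}")
    return Api(name, endpoint, expand(visible_to, all_roles) & allowed)

def find_leaks(apis, all_roles):
    """Audit: one (api, endpoint, role) triple per role that can see an API
    but is not allowed to see the endpoint behind it."""
    leaks = []
    for api in apis:
        exposed = expand(api.visible_to, all_roles) - expand(api.endpoint.visible_to, all_roles)
        leaks += [(api.name, api.endpoint.name, role) for role in sorted(exposed)]
    return leaks

# Constructed sample data following the E1 / Role1 / Role2 example in the thread.
ROLES = {"Role1", "Role2"}
E1 = Endpoint("E1", frozenset({"Role1"}))
# Behaviour described in the thread: publisher APIs are open to all.
open_api = Api("OrdersAPI", E1, frozenset({EVERYONE}))
# Same request made through the creation-time rule is narrowed to Role1.
scoped_api = create_api("OrdersAPI", {"Role1"}, E1, frozenset({EVERYONE}), ROLES)

if __name__ == "__main__":
    print(find_leaks([open_api], ROLES))
    print(find_leaks([scoped_api], ROLES))
```
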
