Hi Harsha,


On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[email protected]> wrote:

> On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[email protected]
> > wrote:
>
>> Hi All,
>>
>> As per the offline discussion today, we are going to implement it in the
>> following way.
>>
>> *Rest Apis expose*
>>
>> /apis/{apiId}/scopes - POST to Create Scope object.
>> /apis/{apiid}/scopes - GET Get list of scope names
>> /apis/{apiid}/scopes/{name} -  GET get the detail of Scope
>> /apis/{apiid}/scopes/{name} - PUT update the existing scope
>> /apis/{apiid}/scopes/{name} - Delete delete the scope
>>
> What are the restrictions for scope name? Having special characters will
> cause issues.
>
>>
>> *Scope assign into the resource.*
>>
>> This can be done by following two ways.
>>
>> 1. /apis/{apiid} - PUT scope assign it to resource and those
>> information stored in swagger.json
>> 2. /apis/{apiid}/swagger - PUT swagger.json update with scopes will
>> create/update accordingly.
>>
> So we are going to store the scopes in the swagger itself and the scope
> to role mappings in database right?
>

Scopes are only stored in the swagger itself, and the scope to role mapping
resides on the Authorization Server itself. When we are going to show
the scope, we call the Authorization Server endpoint and get the bindings.

>
>> On Tue, Dec 5, 2017 at 12:39 PM, Tharindu Dharmarathna <
>> [email protected]> wrote:
>>
>>> @Bhathiya,
>>>
>>> We are not sharing the scopes between APIs, as those roles can
>>> have different definitions as below.
>>>
>>> For API1 for resource /menu post need scope1 which have role1 and role2.
>>>
>>> For API2 for resource /abc POST need scope1 which have role3 and role4.
>>>
>>> Therefore we can't create a scope which can cater to the above 2.
>>>
>>>
>>>
>>> On Tue, Dec 5, 2017 at 11:33 AM, Bhathiya Jayasekara <[email protected]>
>>> wrote:
>>>
>>>> Hi Tharindu,
>>>>
>>>> Have we considered creating scopes in a single place and reusing them
>>>> in multiple APIs (just like we do with endpoints in v3)? I believe it will
>>>> be a useful capability because it allows publishers to reduce the number of
>>>> scopes when there are many APIs and resources.
>>>>
>>>> IINM, in the current implementation, users can't even add the same
>>>> scope even for multiple versions of the same API. Well, that's a separate
>>>> thing to handle anyway.
>>>>
>>>> Thanks,
>>>> Bhathiya
>>>>
>>>> On Tue, Dec 5, 2017 at 1:45 AM, Tharindu Dharmarathna <
>>>> [email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> We are going to develop Resource Registration Rest API for engaging
>>>>> Scope for the resource. I had come up with below flow in order to do the
>>>>> above.
>>>>>
>>>>>
>>>>>
>>>>> In Above Diagram for Store Scopes, we can do below two ways.
>>>>>
>>>>>
>>>>>    1. Store under swagger.json as security definition
>>>>>    2. Store In database schema.
>>>>>
>>>>> If we are Storing in swagger we have following advantages and
>>>>> disadvantages.
>>>>> *Advantages*
>>>>>
>>>>> 1. The scope can be managed easily, as we can assign the scopes to a
>>>>> resource inside the swagger.
>>>>>
>>>>> *Disadvantages*.
>>>>>
>>>>> 1. If we have lots of scopes for the API, for getting the details of
>>>>> the scope we have to call the Resource Server Endpoint; therefore it may
>>>>> lead to high network usage.
>>>>> 2. The Swagger given by the user gets changed by injecting our set of
>>>>> properties.
>>>>>
>>>>> I had come up with below set of resources to create scopes and assign
>>>>> scopes
>>>>>
>>>>>
>>>>>    1. /apis/{apiid}/scopes - post (add scope for api)
>>>>>    2. /apis/{apiid}/scopes - get (get All the scopes for api)
>>>>>    3. /apis/{apiid}/scopes/{name} - put update scope
>>>>>    4. /apis/{apiid}/scopes/{name} - delete scope
>>>>>    5. /apis/{apiid} - put (Apply scopes(add,update,delete) into
>>>>>    resources)
>>>>>    6. /apis/{apiid} - get (get scopes applied to a resources)
>>>>>
>>>>> Or we can do it the below way, as Resources are not considered as
>>>>> sub-resources of the API
>>>>>
>>>>>
>>>>>    1. /api1/{apiid} - (get,put) These two operations used to add
>>>>>    scope,update scope,delete scope,assign scopes to resources.
>>>>>
>>>>>
>>>>> Please let us know your Ideas on this.
>>>>>
>>>>> Thanks
>>>>>
>>>>> *Tharindu Dharmarathna*Senior Software Engineer
>>>>> WSO2 Inc.; http://wso2.com
>>>>> lean.enterprise.middleware
>>>>>
>>>>> mobile: *+94779109091 <+94%2077%20910%209091>*
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> *Bhathiya Jayasekara*
>>>> *Associate Technical Lead,*
>>>> *WSO2 inc., http://wso2.com <http://wso2.com>*
>>>>
>>>> *Phone: +94715478185 <+94%2071%20547%208185>*
>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj
>>>> <http://www.linkedin.com/in/bhathiyaj>*
>>>> *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>*
>>>> *Blog: http://movingaheadblog.blogspot.com
>>>> <http://movingaheadblog.blogspot.com/>*
>>>>
>>>
>>>
>>>
>>> --
>>>
>>> *Tharindu Dharmarathna*Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94779109091 <+94%2077%20910%209091>*
>>>
>>
>>
>>
>> --
>>
>> *Tharindu Dharmarathna*Senior Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94779109091 <+94%2077%20910%209091>*
>>
>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618 <+94%2077%20550%205618>
> Blog:harshcreationz.blogspot.com
>



-- 

*Tharindu Dharmarathna*Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94779109091*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
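
The thread settles on keeping scopes in swagger.json as a security definition and raises the question of which characters a scope name may contain. The following is an added example, not part of the original messages and not WSO2 code: it checks a constructed Swagger 2.0 document for scope names that break the RFC 6749 `scope-token` grammar, names that are valid tokens but would need percent-encoding in `/apis/{apiId}/scopes/{name}`, and operations that reference a scope the document never declares. The `securityDefinitions` layout, the sample scope names, the `as.example.com` URL and the helper `check_scopes` are assumptions for illustration; the thread itself does not state what the name restrictions are.

```python
import json
import re
from urllib.parse import quote

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

# Constructed sample swagger.json (Swagger 2.0); all names are illustrative.
SWAGGER = json.loads("""
{
  "swagger": "2.0",
  "securityDefinitions": {
    "default": {"type": "oauth2", "flow": "implicit",
                "authorizationUrl": "https://as.example.com/authorize",
                "scopes": {"menu_write": "Create menu items",
                           "menu/read": "Read the menu",
                           "order write": "Place orders"}}
  },
  "paths": {
    "/menu": {
      "post": {"security": [{"default": ["menu_write"]}]},
      "get":  {"security": [{"default": ["menu/read", "menu_admin"]}]}
    }
  }
}
""")

def check_scopes(doc):
    """Return (invalid_names, path_unsafe_names, undeclared_references)."""
    declared = {name: set(d.get("scopes", {}))
                for name, d in doc.get("securityDefinitions", {}).items()
                if d.get("type") == "oauth2"}
    names = set().union(*declared.values())
    # Names that are not a legal OAuth 2.0 scope-token (e.g. contain a space).
    invalid = sorted(s for s in names if not SCOPE_TOKEN.fullmatch(s))
    # Legal tokens that still change when encoded as one URL path segment.
    unsafe = sorted(s for s in names
                    if s not in invalid and quote(s, safe="") != s)
    undeclared = []
    for path, ops in doc.get("paths", {}).items():
        for method, op in ops.items():
            if not isinstance(op, dict):   # skip path-level "parameters" lists
                continue
            for requirement in op.get("security", []):
                for scheme, scopes in requirement.items():
                    undeclared += [(method.upper(), path, s) for s in scopes
                                   if s not in declared.get(scheme, set())]
    return invalid, unsafe, sorted(undeclared)
```

Running such a check when a swagger.json is uploaded through `/apis/{apiid}/swagger` catches resources guarded by a scope that has no definition, and therefore no role binding, before the API is published.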
