On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[email protected]> wrote:
> Hi Harsha,
>
> On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[email protected]> wrote:
>
>> On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> As per the offline discussion today, we are going to implement according to
>>> the following way.
>>>
>>> *Rest Apis expose*
>>>
>>> /apis/{apiId}/scopes - POST to Create Scope object.
>>> /apis/{apiid}/scopes - GET Get list of scope names
>>> /apis/{apiid}/scopes/{name} - GET get the detail of Scope
>>> /apis/{apiid}/scopes/{name} - PUT update the existing scope
>>> /apis/{apiid}/scopes/{name} - Delete delete the scope
>>>
>> What are the restrictions for scope name? Having special characters will
>> cause issues.
>>
>>>
>>> *Scope assign into the resource.*
>>>
>>> This can be done by following two ways.
>>>
>>> 1. /apis/{apiid} - PUT scope assign it to resource and those
>>> information stored in swagger.json
>>> 2. /apis/{apiid}/swagger - PUT swagger.json update with scopes will
>>> create/update accordingly.
>>>
>>> So we are going to store the scopes in the swagger itself and the scope
>> to role mappings in database right?
>>
>
> Scopes are only stored in swagger itself and for the scope to role mapping
> it will reside on the Authorization Server itself. When we are going to show
> the scope, we call the Authorization server endpoint and get the bindings.
>

When it comes to token generation and validation, how efficient is it to get scopes information of a resource when we stored scopes in swagger? Does it have any effect?

>
>>> On Tue, Dec 5, 2017 at 12:39 PM, Tharindu Dharmarathna <[email protected]> wrote:
>>>
>>>> @Bhathiya,
>>>>
>>>> We are not giving sharing the scopes between APIS as those roles can
>>>> have different definitions as below.
>>>>
>>>> For API1 for resource /menu post need scope1 which have role1 and role2.
>>>>
>>>> For API2 for resource /abc POST need scope1 which have role3 and role4.
>>>>
>>>> therefore we can't create scope which can cater above 2.
>>>>
>>>> On Tue, Dec 5, 2017 at 11:33 AM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>
>>>>> Hi Tharindu,
>>>>>
>>>>> Have we considered creating scopes in a single place and reusing them
>>>>> in multiple APIs (just like we do with endpoints in v3)? I believe it will
>>>>> be a useful capability because it allows publishers to reduce the number of
>>>>> scopes when there are many APIs and resources.
>>>>>
>>>>> IINM, in the current implementation, users can't even add the same
>>>>> scope even for multiple versions of the same API. Well, that's a separate
>>>>> thing to handle anyway.
>>>>>
>>>>> Thanks,
>>>>> Bhathiya
>>>>>
>>>>> On Tue, Dec 5, 2017 at 1:45 AM, Tharindu Dharmarathna <[email protected]> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> We are going to develop Resource Registration Rest API for engaging
>>>>>> Scope for the resource. I had come up with below flow in order to do the
>>>>>> above.
>>>>>>
>>>>>> In Above Diagram for Store Scopes, we can do below two ways.
>>>>>>
>>>>>> 1. Store under swagger.json as security definition
>>>>>> 2. Store In database schema.
>>>>>>
>>>>>> If we are Storing in swagger we have following advantages and
>>>>>> disadvantages.
>>>>>>
>>>>>> *Advantages*
>>>>>>
>>>>>> 1. The scope can easily manage as we can assign the scopes to a
>>>>>> resource inside the swagger.
>>>>>>
>>>>>> *Disadvantages*.
>>>>>>
>>>>>> 1. If we have lots of scopes for the API for getting the Details of
>>>>>> the scope we have to call the Resource Server Endpoint, therefore it may
>>>>>> lead to high network usage.
>>>>>> 2. Swagger given by user get changed by injecting our set of
>>>>>> properties.
>>>>>>
>>>>>> I had come up with below set of resources to create scopes and assign
>>>>>> scopes
>>>>>>
>>>>>> 1. /apis/{apiid}/scopes - post (add scope for api)
>>>>>> 2. /apis/{apiid}/scopes - get (get All the scopes for api)
>>>>>> 3. /apis/{apiid}/scopes/{name} - put update scope
>>>>>> 4. /apis/{apiid}/scopes/{name} - delete scope
>>>>>> 5. /apis/{apiid} - put (Apply scopes(add,update,delete) into
>>>>>> resources)
>>>>>> 6. /apis/{apiid} - get (get scopes applied to a resources)
>>>>>>
>>>>>> Or We can do the below way as Resources are not consider as a sub
>>>>>> resources of the API
>>>>>>
>>>>>> 1. /api1/{apiid} - (get,put) These two operations used to add
>>>>>> scope,update scope,delete scope,assign scopes to resources.
>>>>>>
>>>>>> Please let us know your Ideas on this.
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> *Tharindu Dharmarathna*
>>>>>> Senior Software Engineer
>>>>>> WSO2 Inc.; http://wso2.com
>>>>>> lean.enterprise.middleware
>>>>>>
>>>>>> mobile: *+94779109091*
>>>>>>
>>>>>
>>>>> --
>>>>> *Bhathiya Jayasekara*
>>>>> *Associate Technical Lead,*
>>>>> *WSO2 inc., http://wso2.com*
>>>>>
>>>>> *Phone: +94715478185*
>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj*
>>>>> *Twitter: https://twitter.com/bhathiyax*
>>>>> *Blog: http://movingaheadblog.blogspot.com*
>>>>>
>>>>
>>>> --
>>>>
>>>> *Tharindu Dharmarathna*
>>>> Senior Software Engineer
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> mobile: *+94779109091*
>>>>
>>>
>>> --
>>>
>>> *Tharindu Dharmarathna*
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94779109091*
>>>
>>
>> --
>> Harsha Kumara
>> Software Engineer, WSO2 Inc.
>> Mobile: +94775505618
>> Blog:harshcreationz.blogspot.com
>>
>
> --
>
> *Tharindu Dharmarathna*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94779109091*
>

--
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
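
The two questions raised in this thread (what a scope name may contain, and what reading scopes out of swagger.json costs at token validation) can be made concrete with a short sketch. It is an added example, not code from the thread or from WSO2. It assumes the scopes sit in an OpenAPI 2.0 `securityDefinitions` entry under the hypothetical scheme name `api_oauth`, that this is the only security scheme in use, and that the request has already been matched to a path template; the name pattern is an assumed policy, stricter than RFC 6749 requires.

```python
import re

# RFC 6749 section 3.3 permits printable ASCII except space, '"' and '\' in a
# scope token. Assumed policy (not from the thread): the name is also the
# {name} segment of /apis/{apiid}/scopes/{name}, so accept only URL-unreserved
# characters plus ":" and percent-encoding is never needed.
SCOPE_NAME = re.compile(r"[A-Za-z0-9._~:-]{1,64}")
METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def build_scope_index(swagger, scheme="api_oauth"):
    """Parse once at deploy time: {(METHOD, path): [frozenset(scopes), ...]}."""
    declared = set(swagger.get("securityDefinitions", {}).get(scheme, {}).get("scopes", {}))
    for name in declared:
        if not SCOPE_NAME.fullmatch(name):
            raise ValueError(f"invalid scope name: {name!r}")
    index = {}
    for path, item in swagger.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip "parameters" and vendor extensions
            # List entries are alternatives; scopes within one are all required.
            reqs = op.get("security", swagger.get("security", []))
            alts = [frozenset(r[scheme]) for r in reqs if scheme in r]
            if any(not alt <= declared for alt in alts):
                raise ValueError(f"{method.upper()} {path}: undeclared scope")
            index[(method.upper(), path)] = alts
    return index

def is_allowed(index, method, path, token_scope):
    """token_scope: space-delimited scope string of an already validated token."""
    alts = index.get((method.upper(), path))
    if alts is None:
        return False  # resource not described in the swagger: fail closed
    granted = set(token_scope.split())
    return not alts or any(alt <= granted for alt in alts)

# Constructed sample reusing the thread's "/menu POST needs scope1" case.
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {"api_oauth": {
        "type": "oauth2", "flow": "application",
        "tokenUrl": "https://as.example/token",
        "scopes": {"scope1": "place an order", "menu:read": "read the menu"}}},
    "paths": {"/menu": {
        "get": {"security": [{"api_oauth": ["menu:read"]}]},
        "post": {"security": [{"api_oauth": ["scope1"]}]}}},
}
INDEX = build_scope_index(SAMPLE)
```

With the index built when the API definition is saved, the per-request check is a dictionary read and a set comparison, so the swagger is parsed only when the definition changes.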
