Nuwan, when we export the Swagger file, we should be able to get all the scopes that are bound to the Ballerina resource, right?

On Mon, Dec 11, 2017 at 2:44 PM, Nuwan Dias <[email protected]> wrote:

> On Mon, Dec 11, 2017 at 4:31 AM, Harsha Kumara <[email protected]> wrote:
>
>> On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[email protected]> wrote:
>>
>>> Hi Harsha,
>>>
>>> On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[email protected]> wrote:
>>>
>>>> On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[email protected]> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> As per the offline discussion today, we are going to implement
>>>>> this in the following way.
>>>>>
>>>>> *REST APIs exposed*
>>>>>
>>>>> /apis/{apiId}/scopes - POST: create the Scope object.
>>>>> /apis/{apiid}/scopes - GET: get the list of scope names
>>>>> /apis/{apiid}/scopes/{name} - GET: get the details of the scope
>>>>> /apis/{apiid}/scopes/{name} - PUT: update the existing scope
>>>>> /apis/{apiid}/scopes/{name} - DELETE: delete the scope
>>>>>
>>>> What are the restrictions for the scope name? Having special characters
>>>> will cause issues.
>>>>
>>>>> *Scope assignment to the resource*
>>>>>
>>>>> This can be done in the following two ways.
>>>>>
>>>>> 1. /apis/{apiid} - PUT: assign the scope to the resource; that
>>>>> information is stored in swagger.json
>>>>> 2. /apis/{apiid}/swagger - PUT: a swagger.json update with scopes will
>>>>> create/update accordingly.
>>>>>
>>>> So we are going to store the scopes in the Swagger itself and the
>>>> scope-to-role mappings in the database, right?
>>>>
>>> Scopes are only stored in the Swagger itself, and the scope-to-role
>>> mapping will reside on the Authorization Server itself. When we are going
>>> to show the scope, we call the Authorization Server endpoint and get the
>>> bindings.
>>>
>> When it comes to token generation and validation, how efficient is it to get
>> the scopes information of a resource when we have stored scopes in Swagger?
>> Does it have any effect?
>>
> Since Ballerina is tightly linked to Swagger, we could probably get the
> scopes from the Swagger file to the Ballerina service itself, at the point
> of deploying the API. If the scopes are in the Ballerina resource itself, we
> won't have to read the Swagger for scopes.
>
>>>>> On Tue, Dec 5, 2017 at 12:39 PM, Tharindu Dharmarathna <[email protected]> wrote:
>>>>>
>>>>>> @Bhathiya,
>>>>>>
>>>>>> We are not sharing the scopes between APIs, as those roles can
>>>>>> have different definitions, as below.
>>>>>>
>>>>>> For API1, resource /menu POST needs scope1, which has role1 and
>>>>>> role2.
>>>>>>
>>>>>> For API2, resource /abc POST needs scope1, which has role3 and
>>>>>> role4.
>>>>>>
>>>>>> Therefore we can't create a scope which can cater to the above two.
>>>>>>
>>>>>> On Tue, Dec 5, 2017 at 11:33 AM, Bhathiya Jayasekara <[email protected]> wrote:
>>>>>>
>>>>>>> Hi Tharindu,
>>>>>>>
>>>>>>> Have we considered creating scopes in a single place and reusing
>>>>>>> them in multiple APIs (just like we do with endpoints in v3)? I believe
>>>>>>> it will be a useful capability because it allows publishers to reduce
>>>>>>> the number of scopes when there are many APIs and resources.
>>>>>>>
>>>>>>> IINM, in the current implementation, users can't even add the same
>>>>>>> scope even for multiple versions of the same API. Well, that's a
>>>>>>> separate thing to handle anyway.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Bhathiya
>>>>>>>
>>>>>>> On Tue, Dec 5, 2017 at 1:45 AM, Tharindu Dharmarathna <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> We are going to develop a Resource Registration REST API for engaging
>>>>>>>> scopes for the resource. I have come up with the below flow in order
>>>>>>>> to do the above.
>>>>>>>>
>>>>>>>> In the above diagram, for Store Scopes, we can do it in the below two ways.
>>>>>>>>
>>>>>>>> 1. Store under swagger.json as a security definition
>>>>>>>> 2. Store in the database schema.
>>>>>>>>
>>>>>>>> If we are storing in Swagger we have the following advantages and
>>>>>>>> disadvantages.
>>>>>>>>
>>>>>>>> *Advantages*
>>>>>>>>
>>>>>>>> 1. The scope can be easily managed, as we can assign the scopes to a
>>>>>>>> resource inside the Swagger.
>>>>>>>>
>>>>>>>> *Disadvantages*
>>>>>>>>
>>>>>>>> 1. If we have lots of scopes for the API, for getting the details of
>>>>>>>> the scope we have to call the Resource Server endpoint; therefore it
>>>>>>>> may lead to high network usage.
>>>>>>>> 2. The Swagger given by the user gets changed by injecting our set of
>>>>>>>> properties.
>>>>>>>>
>>>>>>>> I have come up with the below set of resources to create scopes and
>>>>>>>> assign scopes
>>>>>>>>
>>>>>>>> 1. /apis/{apiid}/scopes - post (add scope for api)
>>>>>>>> 2. /apis/{apiid}/scopes - get (get all the scopes for api)
>>>>>>>> 3. /apis/{apiid}/scopes/{name} - put (update scope)
>>>>>>>> 4. /apis/{apiid}/scopes/{name} - delete (delete scope)
>>>>>>>> 5. /apis/{apiid} - put (apply scopes (add, update, delete) to
>>>>>>>> resources)
>>>>>>>> 6. /apis/{apiid} - get (get scopes applied to the resources)
>>>>>>>>
>>>>>>>> Or we can do it the below way, as resources are not considered
>>>>>>>> sub-resources of the API
>>>>>>>>
>>>>>>>> 1. /api1/{apiid} - (get, put) These two operations are used to add
>>>>>>>> scope, update scope, delete scope, assign scopes to resources.
>>>>>>>>
>>>>>>>> Please let us know your ideas on this.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> *Tharindu Dharmarathna*
>>>>>>>> Senior Software Engineer
>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>> mobile: +94779109091
>>>>>>>
>>>>>>> --
>>>>>>> *Bhathiya Jayasekara*
>>>>>>> *Associate Technical Lead,*
>>>>>>> *WSO2 inc., http://wso2.com*
>>>>>>>
>>>>>>> *Phone: +94715478185*
>>>>>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj*
>>>>>>> *Twitter: https://twitter.com/bhathiyax*
>>>>>>> *Blog: http://movingaheadblog.blogspot.com*
>>>>
>>>> --
>>>> Harsha Kumara
>>>> Software Engineer, WSO2 Inc.
>>>> Mobile: +94775505618
>>>> Blog: harshcreationz.blogspot.com
>
> --
> Nuwan Dias
>
> Software Architect - WSO2, Inc.
> http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
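
Added example, not part of the thread and not WSO2 code: a sketch of what "scopes stored in swagger.json as a security definition" implies for export and validation. It reads a Swagger 2.0 document, lists the scopes bound to each resource, and flags scopes a resource uses but the security definition never declares, plus names that break a naming policy. The function name, the SAFE_SCOPE policy and the sample document are assumptions made for illustration.

```python
import re

# Assumed naming policy (not from the thread): characters allowed in an RFC 6749
# scope-token that also need no escaping when used as the {name} path segment.
SAFE_SCOPE = re.compile(r"[A-Za-z0-9._:-]+")
METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def audit_scopes(swagger):
    """Collect the OAuth2 scopes of a Swagger 2.0 document and flag mismatches."""
    # Scopes declared per oauth2 scheme under securityDefinitions.
    oauth2 = {name: set(scheme.get("scopes", {}))
              for name, scheme in swagger.get("securityDefinitions", {}).items()
              if scheme.get("type") == "oauth2"}
    defined = set().union(*oauth2.values())
    by_operation, undefined = {}, set()
    for path, item in swagger.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # Operation-level "security" overrides the document-level default.
            scopes = set()
            for req in op.get("security", swagger.get("security", [])):
                for scheme, names in req.items():
                    if scheme in oauth2:
                        scopes.update(names)
                        undefined.update(set(names) - oauth2[scheme])
            by_operation[f"{method.upper()} {path}"] = sorted(scopes)
    return {
        "defined": sorted(defined),
        "by_operation": by_operation,
        "undefined": sorted(undefined),  # used by a resource, never declared
        "bad_names": sorted(s for s in defined if not SAFE_SCOPE.fullmatch(s)),
        "no_scope": sorted(k for k, v in by_operation.items() if not v),
    }


# Constructed sample document; /menu is the resource named in the thread.
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {"default": {
        "type": "oauth2", "flow": "password",
        "tokenUrl": "https://as.example.invalid/token",
        "scopes": {"menu:write": "add menu items", "menu read": "has a space"}}},
    "paths": {"/menu": {
        "post": {"security": [{"default": ["menu:write"]}]},
        "get": {"security": [{"default": ["menu:read"]}]},
        "delete": {}}},
}
```

Running audit_scopes(SAMPLE) reports "menu:read" as undefined, "menu read" as a bad name, and DELETE /menu as an operation with no scope bound to it.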
