Hi Sanjeewa, All,

Please find my comments inline.

On Mon, Jan 8, 2018 at 7:43 PM, Sanjeewa Malalgoda <[email protected]> wrote:

> Hi All,
> We are thinking about adding scope registration support to our carbon-auth
> implementation. For this we will need to have an API to add/update/delete/list
> scopes. When we analyzed the current implementation of the API, it's designed to
> have the API name as the unique identifier. Or we can use a UUID for that to adhere
> to the approach we followed for other APIs. But I don't see an issue with having
> the name as the unique identifier if it's unique. Malintha and I had a quick
> discussion about the scope registration API and came up with the following attached
> REST API. We have removed the name from the resource path of the existing API.
>

An identity provider can act as the central authorization server for multiple resource servers. In that case the same scope can be interpreted by different resource servers in different ways. So a scope should be unique per scope + resource server, and each combination will be coupled with a binding.

> We need to think about the authentication mechanism for this API, as API
> creators will be allowed to add scopes per API. Also we need to think about how
> we should handle the same scope name being added by different users for
> different APIs. If one user has defined a read scope then others may not be
> able to define the same scope.
>

In this case I think the scope should be unique within the resource server, where it can have a global validation rule. And it would be easy to configure with external authorization servers.

-Ishara

> Since the identity server team has experience with this API, they can provide
> suggestions for the API and implementation. We will expose this as an MSF4J based
> API from the carbon auth runtime.
>
> Let's use this thread to discuss all aspects of scope registration and
> finalize the implementation.
>
> Thanks,
> sanjeewa.
> --
> *Sanjeewa Malalgoda*
> WSO2 Inc.
> Mobile : +94713068779
> blog : http://sanjeewamalalgoda.blogspot.com/

--
Ishara Karunarathna
Technical Lead
WSO2 Inc. - lean . enterprise . middleware | wso2.com
email: [email protected], blog: isharaaruna.blogspot.com, mobile: +94717996791
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
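
As an added illustration of the uniqueness rule discussed in this thread (not code from carbon-auth or from either author): a minimal in-memory registry that keys each scope by resource server plus scope name and lets only a resource server's owner manage its scopes. The ownership model, the role-set form of the binding, and all names are assumptions made for the example.

```python
from dataclasses import dataclass, field

class ScopeError(Exception):
    """Raised when a registration request violates the registry's rules."""

@dataclass
class ScopeRegistry:
    owners: dict = field(default_factory=dict)    # resource server id -> owning user (assumed model)
    bindings: dict = field(default_factory=dict)  # (resource server id, scope name) -> allowed roles

    def add_resource_server(self, rs_id, owner):
        if rs_id in self.owners:
            raise ScopeError(f"resource server {rs_id!r} already registered")
        self.owners[rs_id] = owner

    def _check_owner(self, caller, rs_id):
        # Only the creator of a resource server may manage its scopes.
        if rs_id not in self.owners or self.owners[rs_id] != caller:
            raise ScopeError(f"{caller!r} may not manage scopes of {rs_id!r}")

    def add_scope(self, caller, rs_id, name, roles):
        self._check_owner(caller, rs_id)
        if (rs_id, name) in self.bindings:
            # Uniqueness is enforced per resource server, not globally.
            raise ScopeError(f"scope {name!r} already exists on {rs_id!r}")
        self.bindings[(rs_id, name)] = frozenset(roles)

    def list_scopes(self, rs_id):
        return sorted(n for (r, n) in self.bindings if r == rs_id)

    def is_allowed(self, rs_id, name, roles):
        """Resolve a scope only in the context of the resource server asking."""
        binding = self.bindings.get((rs_id, name))
        return binding is not None and bool(binding & set(roles))

def demo():
    reg = ScopeRegistry()
    reg.add_resource_server("orders-api", owner="alice")   # constructed sample names
    reg.add_resource_server("billing-api", owner="bob")
    reg.add_scope("alice", "orders-api", "read", {"customer"})
    reg.add_scope("bob", "billing-api", "read", {"accountant"})  # same name, no clash
    results = {
        "customer_orders": reg.is_allowed("orders-api", "read", ["customer"]),
        "customer_billing": reg.is_allowed("billing-api", "read", ["customer"]),
    }
    try:
        reg.add_scope("alice", "billing-api", "write", {"customer"})
        results["cross_owner"] = "accepted"
    except ScopeError:
        results["cross_owner"] = "rejected"
    return results
```

With a composite key, a "read" scope defined for one resource server grants nothing on another, and a user cannot add scopes to a resource server they do not own.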
