On Mon, Mar 5, 2018 at 3:10 PM, Senthalan Kanagalingam <[email protected]> wrote:
> Hi all, > > please find the inline comments. > >> >> On Mon, Mar 5, 2018 at 2:04 PM, Johann Nallathamby <[email protected]> >> wrote: >> >>> Hi Senthalan, >>> >> > >> >>> JDBC Scope Validator doesn't make any sense. Can we have a more >>> meaningful name for that? Isn't this the role based scope validator? >>> >> > yes, we can use role-based scope validator for JDBC Scoper Validator. I > will correct it. > > >> >>> Regards, >>> Johann. >>> >>> On Mon, Mar 5, 2018 at 5:12 AM, Senthalan Kanagalingam < >>> [email protected]> wrote: >>> >>>> Hi Johann, >>>> >>>> Please find the screenshot. >>>> >>>> >>>> >> Hi Senthalan, >> > > >> If both the validators are checked as in your UI, does it imply both >> validation will happen? >> Then what is the order? Is it the order in which it is listed as in your >> UI? >> > > Yes, two validators will be implied during the token validation time. In > the UI, I have shown the name of the scope validators sorted by > alphabetical order. Beacuse previously, the names were shuffled in the UI. > Validators are implied in the order of scope validators defined in > identity.xml. > ok. So scope validators will be executed In the order specified in identity.xml. Ex: JDBC Scope validator will be executed first and after that XACML scope validator will be executed. If so, how the order of execution happens should be documented or a note should be available in the UI itself I believe. > > Thanks and regards, > Senthalan > >> >>>> I have introduced a new abstract method called "getValidatorName()" >>>> in OAuth2ScopeValidator. That name is used to display in the UI and to >>>> store in the database. >>>> >>>> thanks and regards, >>>> Senthalan. >>>> >>>> On Sat, Mar 3, 2018 at 1:50 PM, Johann Nallathamby <[email protected]> >>>> wrote: >>>> >>>>> Hi Senthalan, >>>>> >>>>> What does the final UI look like? Can you attach a screenshot? >>>>> >>>>> Regards, >>>>> Johann. >>>>> >>>>> On Tue, Feb 20, 2018 at 1:48 PM, Darshana Gunawardana < >>>>> [email protected]> wrote: >>>>> >>>>>> +1 for second option. >>>>>> >>>>>> On Tue, Feb 20, 2018 at 5:55 PM, Senthalan Kanagalingam < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> hi all, >>>>>>> >>>>>>> In the UI of this implementation currently, we are showing only the >>>>>>> class name of the registered validators. If there are two scope >>>>>>> validators >>>>>>> with the same class name registered in two different packages. Then the >>>>>>> UI >>>>>>> will show mixed up with duplicate values. There are two options to solve >>>>>>> this problem, >>>>>>> >>>>>>> 1. Show the class name with the package name >>>>>>> 2. Implement a method in OAuth2ScopeValidator API to get meaning >>>>>>> full name. >>>>>>> >>>>>>> Please provide feedback regarding this. >>>>>>> >>>>>>> Thanks and Regards, >>>>>>> Senthalan. >>>>>>> >>>>>>> On Thu, Feb 8, 2018 at 5:29 PM, Johann Nallathamby <[email protected]> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Folks, >>>>>>>> >>>>>>>> I also have another concern here. Sorry I didn't bring this up >>>>>>>> earlier in the mail. Why do we show the scope validators in the SP UI? >>>>>>>> Scope validators are options given for the Resource Providers (API >>>>>>>> Provider/API Admins) to choose how they want to protect their APIs. In >>>>>>>> that >>>>>>>> sense these options are only suitable to be configured at against >>>>>>>> Resources >>>>>>>> or Resource groups by OAuth2 admins; not at service provider level. So >>>>>>>> I >>>>>>>> don't think having it in the SP UI is conceptually correct. However I >>>>>>>> understand that the SP UI is mostly used by admins and not the real >>>>>>>> service >>>>>>>> providers. The real service providers actually interact with a portal >>>>>>>> like >>>>>>>> the API Store and IS is used only as the backend where API calls are >>>>>>>> made. >>>>>>>> So when it comes to usage it might not be a big deal but still >>>>>>>> conceptually >>>>>>>> it's not right. >>>>>>>> >>>>>>>> Regards, >>>>>>>> Johann. >>>>>>>> >>>>>>>> On Fri, Feb 2, 2018 at 10:06 AM, Senthalan Kanagalingam < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi Darshana, Johann, >>>>>>>>> >>>>>>>>> Yes sure, I will change the UI. >>>>>>>>> >>>>>>>>> Thanks, >>>>>>>>> Senthalan >>>>>>>>> >>>>>>>>> On Thu, Feb 1, 2018 at 11:48 AM, Johann Nallathamby < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Senthalan, >>>>>>>>>> >>>>>>>>>> On Thu, Feb 1, 2018 at 9:30 AM, Senthalan Kanagalingam < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Malithi, >>>>>>>>>>> >>>>>>>>>>> On Wed, Jan 31, 2018 at 12:06 PM, Malithi Edirisinghe < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>> >>>>>>>>>>>> On Tue, Jan 30, 2018 at 9:33 AM, Senthalan Kanagalingam < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hi all, >>>>>>>>>>>>> >>>>>>>>>>>>> We had a discussion regarding the state of this project. >>>>>>>>>>>>> Please find the meeting notes below, >>>>>>>>>>>>> >>>>>>>>>>>>> Participants: Dimuthu, Ruwan, Darshana, Nadun, Pamoda, Biruntha >>>>>>>>>>>>> >>>>>>>>>>>>> - Have multiple checkboxes in OAuth UI for all scope >>>>>>>>>>>>> validators. Then users can pick on their wish. >>>>>>>>>>>>> - When calling the scope validation, call the picked >>>>>>>>>>>>> validators. >>>>>>>>>>>>> - Store the picked scope validators for each OAuth app >>>>>>>>>>>>> against its "app id" in a new table. >>>>>>>>>>>>> - JDBCScopeValidator has to be picked as default, as we >>>>>>>>>>>>> have it in the current implementation. >>>>>>>>>>>>> - So write one migration script to populate the new table >>>>>>>>>>>>> with JDBCScopeValidator as picked validator for available >>>>>>>>>>>>> OAuth apps. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> Will UI be rendered upon the scope validators available in the >>>>>>>>>>>> runtime ? >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Yes, I have planned to take the scope validators registered in >>>>>>>>>>> OAuthServerConfiguration. So UI will render scope validators >>>>>>>>>>> available in >>>>>>>>>>> runtime. (But updating the registered scope validators need server >>>>>>>>>>> restart >>>>>>>>>>> as OAuthServerConfiguration loads the config at startup) >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> This will be a connector to the product. Therefore, the UI >>>>>>>>>>>> should not directly couple with the existing UI. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> The UI change is for the concept of scope validator not for this >>>>>>>>>>> specfic validator. If there is a new scope validation extension, >>>>>>>>>>> that will >>>>>>>>>>> also appear in the UI. >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Please don't use the FQCN in the UI. Use simple meaningful names, >>>>>>>>>> like how we have done in our authenticators. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Johann. >>>>>>>>>> >>>>>>>>>> [image: Inline image 1] >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Senthalan >>>>>>>>>>>>> >>>>>>>>>>>>> On Mon, Jan 29, 2018 at 11:43 AM, Dimuthu Leelarathne < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, Jan 29, 2018 at 11:38 AM, Ruwan Abeykoon < >>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>> -1 on adding anything to SP Configuration. This needs to be >>>>>>>>>>>>>>> separated from SP object, or table itself. >>>>>>>>>>>>>>> Reason: >>>>>>>>>>>>>>> 1. We need to minimize DB changes adding features. >>>>>>>>>>>>>>> 2. Adding a column per validator (XACML here) is not >>>>>>>>>>>>>>> scalable. (What if another validator is added in future, do we >>>>>>>>>>>>>>> add another >>>>>>>>>>>>>>> column?) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> a) The DAO layer should do the necessary mapping. >>>>>>>>>>>>>>> b) Can use Database Referential integrity and proper JOIN >>>>>>>>>>>>>>> queries. >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> The configuration is not for the extension. The configuration >>>>>>>>>>>>>> will answer the following concept. >>>>>>>>>>>>>> >>>>>>>>>>>>>> "Do we need to perform authorizations when isssuing access >>>>>>>>>>>>>> tokens?" >>>>>>>>>>>>>> >>>>>>>>>>>>>> There is no where in the IS object model that answers the >>>>>>>>>>>>>> above concept. >>>>>>>>>>>>>> >>>>>>>>>>>>>> The way you perform authorizations can be anything - It can >>>>>>>>>>>>>> be JDBC validator, JavaScript validator (in the future). The >>>>>>>>>>>>>> configuration >>>>>>>>>>>>>> introduced, is for the *concept*. >>>>>>>>>>>>>> >>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>>> c) Need to add proper extension points in the code so that >>>>>>>>>>>>>>> the data-tables and UI elements can be plugged. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>>> Ruwan >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sun, Jan 28, 2018 at 8:28 PM, Dimuthu Leelarathne < >>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Wed, Jan 24, 2018 at 12:41 PM, Johann Nallathamby < >>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Tue, Jan 23, 2018 at 9:49 AM, Senthalan Kanagalingam < >>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> I have completed the scope validation implementation. But >>>>>>>>>>>>>>>>>> in this implementation, the entitlement engine has to run >>>>>>>>>>>>>>>>>> for every token >>>>>>>>>>>>>>>>>> validation request even there is no policy defined by the >>>>>>>>>>>>>>>>>> user for a >>>>>>>>>>>>>>>>>> particular service provider. PDP have to go through all >>>>>>>>>>>>>>>>>> existing policies >>>>>>>>>>>>>>>>>> to select the applicable policies. Its an overhead in token >>>>>>>>>>>>>>>>>> validation >>>>>>>>>>>>>>>>>> time. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> To avoid this we can introduce "Enable XACML based scope >>>>>>>>>>>>>>>>>> validator" checkbox under Local & Outbound Authentication >>>>>>>>>>>>>>>>>> Configuration. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> This should be under OAuth2 section because it's OAuth2 >>>>>>>>>>>>>>>>> specific. We can't have "scope" under "Local & Outbound >>>>>>>>>>>>>>>>> Authentication >>>>>>>>>>>>>>>>> Configuration". >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> +1. It should be under OAuth2 section. And also it should >>>>>>>>>>>>>>>> be stored in the same place as the OAuth2 configuration per >>>>>>>>>>>>>>>> service >>>>>>>>>>>>>>>> provider is stored. Where do we store the SP configurations >>>>>>>>>>>>>>>> for OAuth2.0? >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Then users can enable or disable scope validation for >>>>>>>>>>>>>>>>>> that particular service provider. This will be a simple >>>>>>>>>>>>>>>>>> select query and we >>>>>>>>>>>>>>>>>> can use caching. We can check whether the user has enabled >>>>>>>>>>>>>>>>>> the scope >>>>>>>>>>>>>>>>>> validation or not and continue. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Any suggestions or improvements are highly appreciated. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Fri, Jan 19, 2018 at 6:42 PM, Senthalan Kanagalingam < >>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Here is the architecture of the XACML based scope >>>>>>>>>>>>>>>>>>> validator. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> After whether access token has expired, the scope of the >>>>>>>>>>>>>>>>>>> token will be validated using JDBCScopeValidator and >>>>>>>>>>>>>>>>>>> XACMLScopeValidator. >>>>>>>>>>>>>>>>>>> The JDBCScopeValidator was already implemented. The >>>>>>>>>>>>>>>>>>> XACMLScopeValidator >>>>>>>>>>>>>>>>>>> will create an XACML request from access token and validate >>>>>>>>>>>>>>>>>>> using >>>>>>>>>>>>>>>>>>> EntitlementService. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 8:59 PM, Dimuthu Leelarathne < >>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi Johann, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 8:49 PM, Johann Nallathamby < >>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 12:05 PM, Senthalan >>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hi Johann, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Thanks for the feedback. Currently, I am checking >>>>>>>>>>>>>>>>>>>>>> that feature. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> According to my understanding, this feature will be >>>>>>>>>>>>>>>>>>>>>> useful to validate the token scopes against resource >>>>>>>>>>>>>>>>>>>>>> scopes. As this >>>>>>>>>>>>>>>>>>>>>> validation is done by JDBCScopeValidator and my >>>>>>>>>>>>>>>>>>>>>> implementation will be >>>>>>>>>>>>>>>>>>>>>> parallel to it (IS allows multiple scope validators), do >>>>>>>>>>>>>>>>>>>>>> I have to >>>>>>>>>>>>>>>>>>>>>> implement validation of the token scopes against the >>>>>>>>>>>>>>>>>>>>>> resource scopes as >>>>>>>>>>>>>>>>>>>>>> well? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -1 to have two implementation. There should be only >>>>>>>>>>>>>>>>>>>>> one implementation which is based on XACML. Otherwise it >>>>>>>>>>>>>>>>>>>>> will create >>>>>>>>>>>>>>>>>>>>> overhead in configuring and doesn't work well with tenant >>>>>>>>>>>>>>>>>>>>> model. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The current scope-role based validation we introduced >>>>>>>>>>>>>>>>>>>>> in IS 5.4.0 will need to be implemented using XACML and >>>>>>>>>>>>>>>>>>>>> be the default >>>>>>>>>>>>>>>>>>>>> policy. The other policies you were planning could be >>>>>>>>>>>>>>>>>>>>> additional template >>>>>>>>>>>>>>>>>>>>> policies we ship with the product. In addition users can >>>>>>>>>>>>>>>>>>>>> have any new >>>>>>>>>>>>>>>>>>>>> policies they want (per tenant). >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Because I have checked with >>>>>>>>>>>>>>>>>>>>>> identity-application-authz-xacml[1 >>>>>>>>>>>>>>>>>>>>>> <https://github.com/wso2-extensions/identity-application-authz-xacml>] >>>>>>>>>>>>>>>>>>>>>> and planned to implement validating scopes against the >>>>>>>>>>>>>>>>>>>>>> role base and time >>>>>>>>>>>>>>>>>>>>>> base policies only. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Yes, you can use this code and implement a XACML PEP >>>>>>>>>>>>>>>>>>>>> to send a XACML request. But the validation has to happen >>>>>>>>>>>>>>>>>>>>> on the XACML PDP >>>>>>>>>>>>>>>>>>>>> side. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> What is the difference between the role based policy >>>>>>>>>>>>>>>>>>>>> you are talking and the role based scope validation we >>>>>>>>>>>>>>>>>>>>> implemented in IS >>>>>>>>>>>>>>>>>>>>> 5.4.0? >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> XACML based scope validation would give fine-grained >>>>>>>>>>>>>>>>>>>> control and flexilibility. I don't have experience with >>>>>>>>>>>>>>>>>>>> JDBC scope >>>>>>>>>>>>>>>>>>>> validator but from what I know, it is hard to have a >>>>>>>>>>>>>>>>>>>> generic implementation >>>>>>>>>>>>>>>>>>>> out of it. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> The added avantage is flexibility. You can write your >>>>>>>>>>>>>>>>>>>> custom XACML policies and control how authorization >>>>>>>>>>>>>>>>>>>> happens. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Let it be XACML or Javascript, we need detailed control >>>>>>>>>>>>>>>>>>>> to cater for different requirements. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Time based policies can be one of the additional >>>>>>>>>>>>>>>>>>>>> policy templates we ship. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> [1] - https://github.com/wso2-exte >>>>>>>>>>>>>>>>>>>>>> nsions/identity-application-authz-xacml >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby < >>>>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> *[-IAM, RRT]* >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby >>>>>>>>>>>>>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Did you check [1]? In this feature *@Isuranga* >>>>>>>>>>>>>>>>>>>>>>>> implement XACML policy to evaluate the permission >>>>>>>>>>>>>>>>>>>>>>>> tree. For this he had to >>>>>>>>>>>>>>>>>>>>>>>> come up with a policy, that defined a custom function. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> In the above feature if you replace permission with >>>>>>>>>>>>>>>>>>>>>>>> OAuth2 scopes (which is also a representation of >>>>>>>>>>>>>>>>>>>>>>>> permissions in OAuth2 >>>>>>>>>>>>>>>>>>>>>>>> world, and can be assigned to roles from IS 5.4.0 >>>>>>>>>>>>>>>>>>>>>>>> onwards IINM) you will >>>>>>>>>>>>>>>>>>>>>>>> get what you need. Am I right? Do you see any gaps? >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> If my wit is good, this will be the best way to >>>>>>>>>>>>>>>>>>>>>>>> implement this feature. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> [1] [IAM] Restful API to Evaluate Permission Tree >>>>>>>>>>>>>>>>>>>>>>>> in IS >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> On Fri, Jan 12, 2018 at 2:10 PM, Senthalan >>>>>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> As the aim of this project is to validate the >>>>>>>>>>>>>>>>>>>>>>>>> scope of the token against XACML policies. I was >>>>>>>>>>>>>>>>>>>>>>>>> wrong about the extension >>>>>>>>>>>>>>>>>>>>>>>>> point. There is no need to implement it from token >>>>>>>>>>>>>>>>>>>>>>>>> validation point. There >>>>>>>>>>>>>>>>>>>>>>>>> is an extension point to extends scope >>>>>>>>>>>>>>>>>>>>>>>>> validation("OAuth2ScopeValidator"). >>>>>>>>>>>>>>>>>>>>>>>>> And IS allows multi-scope validators. So I am going >>>>>>>>>>>>>>>>>>>>>>>>> start from here. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> On Thu, Jan 11, 2018 at 5:35 PM, Senthalan >>>>>>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I am currently working on implementing XACML >>>>>>>>>>>>>>>>>>>>>>>>>> based scope validator when the resource server tries >>>>>>>>>>>>>>>>>>>>>>>>>> to validate the OAuth2 >>>>>>>>>>>>>>>>>>>>>>>>>> token. Users can publish their token validation >>>>>>>>>>>>>>>>>>>>>>>>>> XACML policies to the policy store. Here[1 >>>>>>>>>>>>>>>>>>>>>>>>>> <https://docs.google.com/document/d/1unh9QsDXMXxwbr3SPYLgRG1mKvxphX9VjhRAthHIlQU/edit?usp=sharing>] >>>>>>>>>>>>>>>>>>>>>>>>>> is a sample policy template. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> The spec implementation of the OAuth2 token >>>>>>>>>>>>>>>>>>>>>>>>>> validation is already in WSO2 IS. If spec validation >>>>>>>>>>>>>>>>>>>>>>>>>> passed only this >>>>>>>>>>>>>>>>>>>>>>>>>> validator will be called. XACML request will be >>>>>>>>>>>>>>>>>>>>>>>>>> created using >>>>>>>>>>>>>>>>>>>>>>>>>> the retrieved information of the user. Then that >>>>>>>>>>>>>>>>>>>>>>>>>> XACML request will be validated using the >>>>>>>>>>>>>>>>>>>>>>>>>> entitlement engine. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> There will be a global configuration to enable or >>>>>>>>>>>>>>>>>>>>>>>>>> disable this validation. But in future, it will be >>>>>>>>>>>>>>>>>>>>>>>>>> implemented as a >>>>>>>>>>>>>>>>>>>>>>>>>> configurable option for each service provider. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> WSO2 IS have an extension point to >>>>>>>>>>>>>>>>>>>>>>>>>> implement TokenValidator[2 >>>>>>>>>>>>>>>>>>>>>>>>>> <https://docs.wso2.com/display/IS540/Extension+Points+for+OAuth#ExtensionPointsforOAuth-OAuth2TokenValidator>]. >>>>>>>>>>>>>>>>>>>>>>>>>> I am planning to implement custom validator >>>>>>>>>>>>>>>>>>>>>>>>>> ("XACMLbasedOAuth2TokenValidator") >>>>>>>>>>>>>>>>>>>>>>>>>> at the point for validation. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> I am looking forward to suggestions/comments. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> [1] - https://docs.google.com/docume >>>>>>>>>>>>>>>>>>>>>>>>>> nt/d/1unh9QsDXMXxwbr3SPYLgRG1m >>>>>>>>>>>>>>>>>>>>>>>>>> KvxphX9VjhRAthHIlQU/edit?usp=sharing >>>>>>>>>>>>>>>>>>>>>>>>>> [2] - https://docs.wso2.com/display/ >>>>>>>>>>>>>>>>>>>>>>>>>> IS540/Extension+Points+for+OAu >>>>>>>>>>>>>>>>>>>>>>>>>> th#ExtensionPointsforOAuth-OAuth2TokenValidator >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>>>>>>>>> *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>> >>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>> >>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> >>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>> >>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>> Architecture mailing list >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> *Malithi Edirisinghe* >>>>>>>>>>>> Associate Technical Lead >>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>> >>>>>>>>>>>> Mobile : +94 (0) 718176807 >>>>>>>>>>>> [email protected] >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Architecture mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>> WSO2, Inc. >>>>>>>>>> lean.enterprise.middleware >>>>>>>>>> >>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Architecture mailing list >>>>>>>>>> [email protected] >>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>> <http://wso2.com/signature> >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>> Senior Lead Solutions Engineer >>>>>>>> WSO2, Inc. >>>>>>>> lean.enterprise.middleware >>>>>>>> >>>>>>>> Mobile: *+94 77 7776950* >>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>> Twitter: *@dj_nallaa* >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> *Senthalan Kanagalingam* >>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>> <http://wso2.com/signature> >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Regards, >>>>>> >>>>>> >>>>>> *Darshana Gunawardana*Technical Lead >>>>>> WSO2 Inc.; http://wso2.com >>>>>> >>>>>> *E-mail: [email protected] <[email protected]>* >>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . >>>>>> Middleware >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Johann Dilantha Nallathamby* >>>>> Senior Lead Solutions Engineer >>>>> WSO2, Inc. >>>>> lean.enterprise.middleware >>>>> >>>>> Mobile: *+94 77 7776950* >>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>> Medium: *https://medium.com/@johann_nallathamby >>>>> <https://medium.com/@johann_nallathamby>* >>>>> Twitter: *@dj_nallaa* >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Senthalan Kanagalingam* >>>> *Software Engineer - WSO2 Inc.* >>>> *Mobile : +94 (0) 77 18 77 466* >>>> <http://wso2.com/signature> >>>> >>> >>> >>> >>> -- >>> >>> *Johann Dilantha Nallathamby* >>> Senior Lead Solutions Engineer >>> WSO2, Inc. >>> lean.enterprise.middleware >>> >>> Mobile: *+94 77 7776950* >>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>> <http://www.linkedin.com/in/johann-nallathamby>* >>> Medium: *https://medium.com/@johann_nallathamby >>> <https://medium.com/@johann_nallathamby>* >>> Twitter: *@dj_nallaa* >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Denuwanthi De Silva >> Senior Software Engineer; >> WSO2 Inc.; http://wso2.com, >> Email: [email protected] >> Blog: https://denuwanthi.wordpress.com/ >> > > > > -- > > *Senthalan Kanagalingam* > *Software Engineer - WSO2 Inc.* > *Mobile : +94 (0) 77 18 77 466* > <http://wso2.com/signature> > -- Denuwanthi De Silva Senior Software Engineer; WSO2 Inc.; http://wso2.com, Email: [email protected] Blog: https://denuwanthi.wordpress.com/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
