Hi Senthalan, Could you please explain if there is a specific reason not to show scope validators in the same order defined in identity.xml ? :) The reason I am asking this because, as Denuwanthi had mentioned, it would be better to include the execution order in the documentation and in the UI IMO. If we could list the scope validators in the same order as defined in registry.xml, it would be easier for user to understand the execution order from the UI. WDYT?
Thanks, DinushaD. On Mon, Mar 5, 2018 at 3:49 PM, Denuwanthi De Silva <[email protected]> wrote: > > > On Mon, Mar 5, 2018 at 3:10 PM, Senthalan Kanagalingam <[email protected] > > wrote: > >> Hi all, >> >> please find the inline comments. >> >>> >>> On Mon, Mar 5, 2018 at 2:04 PM, Johann Nallathamby <[email protected]> >>> wrote: >>> >>>> Hi Senthalan, >>>> >>> >> >>> >>>> JDBC Scope Validator doesn't make any sense. Can we have a more >>>> meaningful name for that? Isn't this the role based scope validator? >>>> >>> >> yes, we can use role-based scope validator for JDBC Scoper Validator. I >> will correct it. >> >> >>> >>>> Regards, >>>> Johann. >>>> >>>> On Mon, Mar 5, 2018 at 5:12 AM, Senthalan Kanagalingam < >>>> [email protected]> wrote: >>>> >>>>> Hi Johann, >>>>> >>>>> Please find the screenshot. >>>>> >>>>> >>>>> >>> Hi Senthalan, >>> >> >> >>> If both the validators are checked as in your UI, does it imply both >>> validation will happen? >>> Then what is the order? Is it the order in which it is listed as in your >>> UI? >>> >> >> Yes, two validators will be implied during the token validation time. In >> the UI, I have shown the name of the scope validators sorted by >> alphabetical order. Beacuse previously, the names were shuffled in the UI. >> Validators are implied in the order of scope validators defined in >> identity.xml. >> > > ok. So scope validators will be executed In the order specified in > identity.xml. Ex: JDBC Scope validator will be executed first and after > that XACML scope validator will be executed. > > If so, how the order of execution happens should be documented or a note > should be available in the UI itself I believe. > >> >> Thanks and regards, >> Senthalan >> >>> >>>>> I have introduced a new abstract method called "getValidatorName()" >>>>> in OAuth2ScopeValidator. That name is used to display in the UI and to >>>>> store in the database. >>>>> >>>>> thanks and regards, >>>>> Senthalan. >>>>> >>>>> On Sat, Mar 3, 2018 at 1:50 PM, Johann Nallathamby <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Senthalan, >>>>>> >>>>>> What does the final UI look like? Can you attach a screenshot? >>>>>> >>>>>> Regards, >>>>>> Johann. >>>>>> >>>>>> On Tue, Feb 20, 2018 at 1:48 PM, Darshana Gunawardana < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> +1 for second option. >>>>>>> >>>>>>> On Tue, Feb 20, 2018 at 5:55 PM, Senthalan Kanagalingam < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> hi all, >>>>>>>> >>>>>>>> In the UI of this implementation currently, we are showing only the >>>>>>>> class name of the registered validators. If there are two scope >>>>>>>> validators >>>>>>>> with the same class name registered in two different packages. Then >>>>>>>> the UI >>>>>>>> will show mixed up with duplicate values. There are two options to >>>>>>>> solve >>>>>>>> this problem, >>>>>>>> >>>>>>>> 1. Show the class name with the package name >>>>>>>> 2. Implement a method in OAuth2ScopeValidator API to get >>>>>>>> meaning full name. >>>>>>>> >>>>>>>> Please provide feedback regarding this. >>>>>>>> >>>>>>>> Thanks and Regards, >>>>>>>> Senthalan. >>>>>>>> >>>>>>>> On Thu, Feb 8, 2018 at 5:29 PM, Johann Nallathamby <[email protected] >>>>>>>> > wrote: >>>>>>>> >>>>>>>>> Hi Folks, >>>>>>>>> >>>>>>>>> I also have another concern here. Sorry I didn't bring this up >>>>>>>>> earlier in the mail. Why do we show the scope validators in the SP UI? >>>>>>>>> Scope validators are options given for the Resource Providers (API >>>>>>>>> Provider/API Admins) to choose how they want to protect their APIs. >>>>>>>>> In that >>>>>>>>> sense these options are only suitable to be configured at against >>>>>>>>> Resources >>>>>>>>> or Resource groups by OAuth2 admins; not at service provider level. >>>>>>>>> So I >>>>>>>>> don't think having it in the SP UI is conceptually correct. However I >>>>>>>>> understand that the SP UI is mostly used by admins and not the real >>>>>>>>> service >>>>>>>>> providers. The real service providers actually interact with a portal >>>>>>>>> like >>>>>>>>> the API Store and IS is used only as the backend where API calls are >>>>>>>>> made. >>>>>>>>> So when it comes to usage it might not be a big deal but still >>>>>>>>> conceptually >>>>>>>>> it's not right. >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> Johann. >>>>>>>>> >>>>>>>>> On Fri, Feb 2, 2018 at 10:06 AM, Senthalan Kanagalingam < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi Darshana, Johann, >>>>>>>>>> >>>>>>>>>> Yes sure, I will change the UI. >>>>>>>>>> >>>>>>>>>> Thanks, >>>>>>>>>> Senthalan >>>>>>>>>> >>>>>>>>>> On Thu, Feb 1, 2018 at 11:48 AM, Johann Nallathamby < >>>>>>>>>> [email protected]> wrote: >>>>>>>>>> >>>>>>>>>>> Hi Senthalan, >>>>>>>>>>> >>>>>>>>>>> On Thu, Feb 1, 2018 at 9:30 AM, Senthalan Kanagalingam < >>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Malithi, >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Jan 31, 2018 at 12:06 PM, Malithi Edirisinghe < >>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>>> >>>>>>>>>>>>> On Tue, Jan 30, 2018 at 9:33 AM, Senthalan Kanagalingam < >>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>> >>>>>>>>>>>>>> We had a discussion regarding the state of this project. >>>>>>>>>>>>>> Please find the meeting notes below, >>>>>>>>>>>>>> >>>>>>>>>>>>>> Participants: Dimuthu, Ruwan, Darshana, Nadun, Pamoda, >>>>>>>>>>>>>> Biruntha >>>>>>>>>>>>>> >>>>>>>>>>>>>> - Have multiple checkboxes in OAuth UI for all scope >>>>>>>>>>>>>> validators. Then users can pick on their wish. >>>>>>>>>>>>>> - When calling the scope validation, call the picked >>>>>>>>>>>>>> validators. >>>>>>>>>>>>>> - Store the picked scope validators for each OAuth app >>>>>>>>>>>>>> against its "app id" in a new table. >>>>>>>>>>>>>> - JDBCScopeValidator has to be picked as default, as we >>>>>>>>>>>>>> have it in the current implementation. >>>>>>>>>>>>>> - So write one migration script to populate the new table >>>>>>>>>>>>>> with JDBCScopeValidator as picked validator for available >>>>>>>>>>>>>> OAuth apps. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> Will UI be rendered upon the scope validators available in the >>>>>>>>>>>>> runtime ? >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Yes, I have planned to take the scope validators registered in >>>>>>>>>>>> OAuthServerConfiguration. So UI will render scope validators >>>>>>>>>>>> available in >>>>>>>>>>>> runtime. (But updating the registered scope validators need server >>>>>>>>>>>> restart >>>>>>>>>>>> as OAuthServerConfiguration loads the config at startup) >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> This will be a connector to the product. Therefore, the UI >>>>>>>>>>>>> should not directly couple with the existing UI. >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> The UI change is for the concept of scope validator not for >>>>>>>>>>>> this specfic validator. If there is a new scope validation >>>>>>>>>>>> extension, that >>>>>>>>>>>> will also appear in the UI. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Please don't use the FQCN in the UI. Use simple meaningful >>>>>>>>>>> names, like how we have done in our authenticators. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Johann. >>>>>>>>>>> >>>>>>>>>>> [image: Inline image 1] >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Mon, Jan 29, 2018 at 11:43 AM, Dimuthu Leelarathne < >>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, Jan 29, 2018 at 11:38 AM, Ruwan Abeykoon < >>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>>> -1 on adding anything to SP Configuration. This needs to be >>>>>>>>>>>>>>>> separated from SP object, or table itself. >>>>>>>>>>>>>>>> Reason: >>>>>>>>>>>>>>>> 1. We need to minimize DB changes adding features. >>>>>>>>>>>>>>>> 2. Adding a column per validator (XACML here) is not >>>>>>>>>>>>>>>> scalable. (What if another validator is added in future, do we >>>>>>>>>>>>>>>> add another >>>>>>>>>>>>>>>> column?) >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> a) The DAO layer should do the necessary mapping. >>>>>>>>>>>>>>>> b) Can use Database Referential integrity and proper JOIN >>>>>>>>>>>>>>>> queries. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The configuration is not for the extension. The >>>>>>>>>>>>>>> configuration will answer the following concept. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> "Do we need to perform authorizations when isssuing access >>>>>>>>>>>>>>> tokens?" >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> There is no where in the IS object model that answers the >>>>>>>>>>>>>>> above concept. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The way you perform authorizations can be anything - It can >>>>>>>>>>>>>>> be JDBC validator, JavaScript validator (in the future). The >>>>>>>>>>>>>>> configuration >>>>>>>>>>>>>>> introduced, is for the *concept*. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> c) Need to add proper extension points in the code so that >>>>>>>>>>>>>>>> the data-tables and UI elements can be plugged. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Cheers, >>>>>>>>>>>>>>>> Ruwan >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Sun, Jan 28, 2018 at 8:28 PM, Dimuthu Leelarathne < >>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Wed, Jan 24, 2018 at 12:41 PM, Johann Nallathamby < >>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Tue, Jan 23, 2018 at 9:49 AM, Senthalan Kanagalingam < >>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> I have completed the scope validation implementation. >>>>>>>>>>>>>>>>>>> But in this implementation, the entitlement engine has to >>>>>>>>>>>>>>>>>>> run for every >>>>>>>>>>>>>>>>>>> token validation request even there is no policy defined by >>>>>>>>>>>>>>>>>>> the user for a >>>>>>>>>>>>>>>>>>> particular service provider. PDP have to go through all >>>>>>>>>>>>>>>>>>> existing policies >>>>>>>>>>>>>>>>>>> to select the applicable policies. Its an overhead in token >>>>>>>>>>>>>>>>>>> validation >>>>>>>>>>>>>>>>>>> time. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> To avoid this we can introduce "Enable XACML based scope >>>>>>>>>>>>>>>>>>> validator" checkbox under Local & Outbound Authentication >>>>>>>>>>>>>>>>>>> Configuration. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> This should be under OAuth2 section because it's OAuth2 >>>>>>>>>>>>>>>>>> specific. We can't have "scope" under "Local & Outbound >>>>>>>>>>>>>>>>>> Authentication >>>>>>>>>>>>>>>>>> Configuration". >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> +1. It should be under OAuth2 section. And also it should >>>>>>>>>>>>>>>>> be stored in the same place as the OAuth2 configuration per >>>>>>>>>>>>>>>>> service >>>>>>>>>>>>>>>>> provider is stored. Where do we store the SP configurations >>>>>>>>>>>>>>>>> for OAuth2.0? >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Then users can enable or disable scope validation for >>>>>>>>>>>>>>>>>>> that particular service provider. This will be a simple >>>>>>>>>>>>>>>>>>> select query and we >>>>>>>>>>>>>>>>>>> can use caching. We can check whether the user has enabled >>>>>>>>>>>>>>>>>>> the scope >>>>>>>>>>>>>>>>>>> validation or not and continue. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Any suggestions or improvements are highly appreciated. >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> On Fri, Jan 19, 2018 at 6:42 PM, Senthalan Kanagalingam >>>>>>>>>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Hi, >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Here is the architecture of the XACML based scope >>>>>>>>>>>>>>>>>>>> validator. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> After whether access token has expired, the scope of >>>>>>>>>>>>>>>>>>>> the token will be validated using JDBCScopeValidator and >>>>>>>>>>>>>>>>>>>> XACMLScopeValidator. The JDBCScopeValidator was already >>>>>>>>>>>>>>>>>>>> implemented. The >>>>>>>>>>>>>>>>>>>> XACMLScopeValidator will create an XACML request from >>>>>>>>>>>>>>>>>>>> access token and >>>>>>>>>>>>>>>>>>>> validate using EntitlementService. >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 8:59 PM, Dimuthu Leelarathne < >>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Hi Johann, >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 8:49 PM, Johann Nallathamby < >>>>>>>>>>>>>>>>>>>>> [email protected]> wrote: >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> On Tue, Jan 16, 2018 at 12:05 PM, Senthalan >>>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Hi Johann, >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Thanks for the feedback. Currently, I am checking >>>>>>>>>>>>>>>>>>>>>>> that feature. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> According to my understanding, this feature will be >>>>>>>>>>>>>>>>>>>>>>> useful to validate the token scopes against resource >>>>>>>>>>>>>>>>>>>>>>> scopes. As this >>>>>>>>>>>>>>>>>>>>>>> validation is done by JDBCScopeValidator and my >>>>>>>>>>>>>>>>>>>>>>> implementation will be >>>>>>>>>>>>>>>>>>>>>>> parallel to it (IS allows multiple scope validators), >>>>>>>>>>>>>>>>>>>>>>> do I have to >>>>>>>>>>>>>>>>>>>>>>> implement validation of the token scopes against the >>>>>>>>>>>>>>>>>>>>>>> resource scopes as >>>>>>>>>>>>>>>>>>>>>>> well? >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -1 to have two implementation. There should be only >>>>>>>>>>>>>>>>>>>>>> one implementation which is based on XACML. Otherwise it >>>>>>>>>>>>>>>>>>>>>> will create >>>>>>>>>>>>>>>>>>>>>> overhead in configuring and doesn't work well with >>>>>>>>>>>>>>>>>>>>>> tenant model. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> The current scope-role based validation we introduced >>>>>>>>>>>>>>>>>>>>>> in IS 5.4.0 will need to be implemented using XACML and >>>>>>>>>>>>>>>>>>>>>> be the default >>>>>>>>>>>>>>>>>>>>>> policy. The other policies you were planning could be >>>>>>>>>>>>>>>>>>>>>> additional template >>>>>>>>>>>>>>>>>>>>>> policies we ship with the product. In addition users can >>>>>>>>>>>>>>>>>>>>>> have any new >>>>>>>>>>>>>>>>>>>>>> policies they want (per tenant). >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Because I have checked with >>>>>>>>>>>>>>>>>>>>>>> identity-application-authz-xacml[1 >>>>>>>>>>>>>>>>>>>>>>> <https://github.com/wso2-extensions/identity-application-authz-xacml>] >>>>>>>>>>>>>>>>>>>>>>> and planned to implement validating scopes against the >>>>>>>>>>>>>>>>>>>>>>> role base and time >>>>>>>>>>>>>>>>>>>>>>> base policies only. >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Yes, you can use this code and implement a XACML PEP >>>>>>>>>>>>>>>>>>>>>> to send a XACML request. But the validation has to >>>>>>>>>>>>>>>>>>>>>> happen on the XACML PDP >>>>>>>>>>>>>>>>>>>>>> side. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> What is the difference between the role based policy >>>>>>>>>>>>>>>>>>>>>> you are talking and the role based scope validation we >>>>>>>>>>>>>>>>>>>>>> implemented in IS >>>>>>>>>>>>>>>>>>>>>> 5.4.0? >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> XACML based scope validation would give fine-grained >>>>>>>>>>>>>>>>>>>>> control and flexilibility. I don't have experience with >>>>>>>>>>>>>>>>>>>>> JDBC scope >>>>>>>>>>>>>>>>>>>>> validator but from what I know, it is hard to have a >>>>>>>>>>>>>>>>>>>>> generic implementation >>>>>>>>>>>>>>>>>>>>> out of it. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> The added avantage is flexibility. You can write your >>>>>>>>>>>>>>>>>>>>> custom XACML policies and control how authorization >>>>>>>>>>>>>>>>>>>>> happens. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Let it be XACML or Javascript, we need detailed >>>>>>>>>>>>>>>>>>>>> control to cater for different requirements. >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> thanks, >>>>>>>>>>>>>>>>>>>>> Dimuthu >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Time based policies can be one of the additional >>>>>>>>>>>>>>>>>>>>>> policy templates we ship. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> [1] - https://github.com/wso2-exte >>>>>>>>>>>>>>>>>>>>>>> nsions/identity-application-authz-xacml >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby >>>>>>>>>>>>>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> *[-IAM, RRT]* >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> On Mon, Jan 15, 2018 at 8:13 PM, Johann Nallathamby >>>>>>>>>>>>>>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Hi Senthalan, >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Did you check [1]? In this feature *@Isuranga* >>>>>>>>>>>>>>>>>>>>>>>>> implement XACML policy to evaluate the permission >>>>>>>>>>>>>>>>>>>>>>>>> tree. For this he had to >>>>>>>>>>>>>>>>>>>>>>>>> come up with a policy, that defined a custom function. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> In the above feature if you replace permission >>>>>>>>>>>>>>>>>>>>>>>>> with OAuth2 scopes (which is also a representation of >>>>>>>>>>>>>>>>>>>>>>>>> permissions in OAuth2 >>>>>>>>>>>>>>>>>>>>>>>>> world, and can be assigned to roles from IS 5.4.0 >>>>>>>>>>>>>>>>>>>>>>>>> onwards IINM) you will >>>>>>>>>>>>>>>>>>>>>>>>> get what you need. Am I right? Do you see any gaps? >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> If my wit is good, this will be the best way to >>>>>>>>>>>>>>>>>>>>>>>>> implement this feature. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> [1] [IAM] Restful API to Evaluate Permission Tree >>>>>>>>>>>>>>>>>>>>>>>>> in IS >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>>>>>>>>>> Johann. >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> On Fri, Jan 12, 2018 at 2:10 PM, Senthalan >>>>>>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> As the aim of this project is to validate the >>>>>>>>>>>>>>>>>>>>>>>>>> scope of the token against XACML policies. I was >>>>>>>>>>>>>>>>>>>>>>>>>> wrong about the extension >>>>>>>>>>>>>>>>>>>>>>>>>> point. There is no need to implement it from token >>>>>>>>>>>>>>>>>>>>>>>>>> validation point. There >>>>>>>>>>>>>>>>>>>>>>>>>> is an extension point to extends scope >>>>>>>>>>>>>>>>>>>>>>>>>> validation("OAuth2ScopeValidator"). >>>>>>>>>>>>>>>>>>>>>>>>>> And IS allows multi-scope validators. So I am >>>>>>>>>>>>>>>>>>>>>>>>>> going start from here. >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> On Thu, Jan 11, 2018 at 5:35 PM, Senthalan >>>>>>>>>>>>>>>>>>>>>>>>>> Kanagalingam <[email protected]> wrote: >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Hi all, >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I am currently working on implementing XACML >>>>>>>>>>>>>>>>>>>>>>>>>>> based scope validator when the resource server >>>>>>>>>>>>>>>>>>>>>>>>>>> tries to validate the OAuth2 >>>>>>>>>>>>>>>>>>>>>>>>>>> token. Users can publish their token validation >>>>>>>>>>>>>>>>>>>>>>>>>>> XACML policies to the policy store. Here[1 >>>>>>>>>>>>>>>>>>>>>>>>>>> <https://docs.google.com/document/d/1unh9QsDXMXxwbr3SPYLgRG1mKvxphX9VjhRAthHIlQU/edit?usp=sharing>] >>>>>>>>>>>>>>>>>>>>>>>>>>> is a sample policy template. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> The spec implementation of the OAuth2 token >>>>>>>>>>>>>>>>>>>>>>>>>>> validation is already in WSO2 IS. If spec >>>>>>>>>>>>>>>>>>>>>>>>>>> validation passed only this >>>>>>>>>>>>>>>>>>>>>>>>>>> validator will be called. XACML request will be >>>>>>>>>>>>>>>>>>>>>>>>>>> created using >>>>>>>>>>>>>>>>>>>>>>>>>>> the retrieved information of the user. Then >>>>>>>>>>>>>>>>>>>>>>>>>>> that XACML request will be validated using the >>>>>>>>>>>>>>>>>>>>>>>>>>> entitlement engine. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> There will be a global configuration to enable >>>>>>>>>>>>>>>>>>>>>>>>>>> or disable this validation. But in future, it will >>>>>>>>>>>>>>>>>>>>>>>>>>> be implemented as a >>>>>>>>>>>>>>>>>>>>>>>>>>> configurable option for each service provider. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> WSO2 IS have an extension point to >>>>>>>>>>>>>>>>>>>>>>>>>>> implement TokenValidator[2 >>>>>>>>>>>>>>>>>>>>>>>>>>> <https://docs.wso2.com/display/IS540/Extension+Points+for+OAuth#ExtensionPointsforOAuth-OAuth2TokenValidator>]. >>>>>>>>>>>>>>>>>>>>>>>>>>> I am planning to implement custom validator >>>>>>>>>>>>>>>>>>>>>>>>>>> ("XACMLbasedOAuth2TokenValidator") >>>>>>>>>>>>>>>>>>>>>>>>>>> at the point for validation. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> I am looking forward to suggestions/comments. >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> [1] - https://docs.google.com/docume >>>>>>>>>>>>>>>>>>>>>>>>>>> nt/d/1unh9QsDXMXxwbr3SPYLgRG1m >>>>>>>>>>>>>>>>>>>>>>>>>>> KvxphX9VjhRAthHIlQU/edit?usp=sharing >>>>>>>>>>>>>>>>>>>>>>>>>>> [2] - https://docs.wso2.com/display/ >>>>>>>>>>>>>>>>>>>>>>>>>>> IS540/Extension+Points+for+OAu >>>>>>>>>>>>>>>>>>>>>>>>>>> th#ExtensionPointsforOAuth-OAuth2TokenValidator >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> Thanks and Regards, >>>>>>>>>>>>>>>>>>>>>>>>>>> Senthalan >>>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>>>>>>>>>> *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>>>>> LinkedIn: >>>>>>>>>>>>>>>>>>>>>>>> *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>>>>>>>>> WSO2, Inc. >>>>>>>>>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>> Dimuthu Leelarathne >>>>>>>>>>>>>>> Director, Solutions Architecture >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> WSO2, Inc. (http://wso2.com) >>>>>>>>>>>>>>> email: [email protected] >>>>>>>>>>>>>>> Mobile: +94773661935 <+94%2077%20366%201935> >>>>>>>>>>>>>>> Blog: http://muthulee.blogspot.com >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Lean . Enterprise . Middleware >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> -- >>>>>>>>>>>>>> >>>>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>>>> >>>>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>>>> Architecture mailing list >>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> -- >>>>>>>>>>>>> >>>>>>>>>>>>> *Malithi Edirisinghe* >>>>>>>>>>>>> Associate Technical Lead >>>>>>>>>>>>> WSO2 Inc. >>>>>>>>>>>>> >>>>>>>>>>>>> Mobile : +94 (0) 718176807 >>>>>>>>>>>>> [email protected] >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> >>>>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Architecture mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> >>>>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>>>> WSO2, Inc. >>>>>>>>>>> lean.enterprise.middleware >>>>>>>>>>> >>>>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Architecture mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> >>>>>>>>>> *Senthalan Kanagalingam* >>>>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>>>> <http://wso2.com/signature> >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> >>>>>>>>> *Johann Dilantha Nallathamby* >>>>>>>>> Senior Lead Solutions Engineer >>>>>>>>> WSO2, Inc. >>>>>>>>> lean.enterprise.middleware >>>>>>>>> >>>>>>>>> Mobile: *+94 77 7776950* >>>>>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>>>>> <https://medium.com/@johann_nallathamby>* >>>>>>>>> Twitter: *@dj_nallaa* >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> *Senthalan Kanagalingam* >>>>>>>> *Software Engineer - WSO2 Inc.* >>>>>>>> *Mobile : +94 (0) 77 18 77 466* >>>>>>>> <http://wso2.com/signature> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Regards, >>>>>>> >>>>>>> >>>>>>> *Darshana Gunawardana*Technical Lead >>>>>>> WSO2 Inc.; http://wso2.com >>>>>>> >>>>>>> *E-mail: [email protected] <[email protected]>* >>>>>>> *Mobile: +94718566859 <+94%2071%20856%206859>*Lean . Enterprise . >>>>>>> Middleware >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> *Johann Dilantha Nallathamby* >>>>>> Senior Lead Solutions Engineer >>>>>> WSO2, Inc. >>>>>> lean.enterprise.middleware >>>>>> >>>>>> Mobile: *+94 77 7776950* >>>>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>>>> Medium: *https://medium.com/@johann_nallathamby >>>>>> <https://medium.com/@johann_nallathamby>* >>>>>> Twitter: *@dj_nallaa* >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> *Senthalan Kanagalingam* >>>>> *Software Engineer - WSO2 Inc.* >>>>> *Mobile : +94 (0) 77 18 77 466* >>>>> <http://wso2.com/signature> >>>>> >>>> >>>> >>>> >>>> -- >>>> >>>> *Johann Dilantha Nallathamby* >>>> Senior Lead Solutions Engineer >>>> WSO2, Inc. >>>> lean.enterprise.middleware >>>> >>>> Mobile: *+94 77 7776950* >>>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby >>>> <http://www.linkedin.com/in/johann-nallathamby>* >>>> Medium: *https://medium.com/@johann_nallathamby >>>> <https://medium.com/@johann_nallathamby>* >>>> Twitter: *@dj_nallaa* >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> >>> >>> -- >>> Denuwanthi De Silva >>> Senior Software Engineer; >>> WSO2 Inc.; http://wso2.com, >>> Email: [email protected] >>> Blog: https://denuwanthi.wordpress.com/ >>> >> >> >> >> -- >> >> *Senthalan Kanagalingam* >> *Software Engineer - WSO2 Inc.* >> *Mobile : +94 (0) 77 18 77 466* >> <http://wso2.com/signature> >> > > > > -- > Denuwanthi De Silva > Senior Software Engineer; > WSO2 Inc.; http://wso2.com, > Email: [email protected] > Blog: https://denuwanthi.wordpress.com/ > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Dinusha Dissanayake Software Engineer WSO2 Inc Mobile: +94712939439 <https://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
