Hi Darshana,
> Why do we need the,
>
> - [POST] : /{user-id}/federated-associations

The same API is available for the local account association. Now for
the federated account scenario, we grant this capability to an admin user,
as an admin API.
We cannot provide a */me* API for this capability, as any user would be
able to associate any federated account with his account. This was the
concern raised earlier by +Isura Karunaratne <[email protected]>.
The idea behind this approach is that, as a privileged user, an admin is able to
associate both local and *federated* accounts to a given user.
Regards,
Tharindu.
On Wed, Oct 30, 2019 at 12:55 PM Darshana Gunawardana <[email protected]>
wrote:
> Hi Isura\Tharindu,
>
> Why do we need the,
>>
>>
>> - [POST] : /{user-id}/federated-associations
>>
>>
> Thanks,
>
> On Wed, Oct 30, 2019 at 10:00 AM Tharindu Bandara <[email protected]>
> wrote:
>
>> Hi Isura,
>>
>>> I think this API is not required. If this is supported, anyone can
>>> associate federated accounts without authentication. That can cause a
>>> security issue.
>>>
>>
>> +1. I will remove the [POST] : /me/federated-associations API.
>>
>> Regards,
>> --
>> *Tharindu Bandara*
>> Senior Software Engineer | WSO2
>>
>> Email : [email protected]
>> Mobile : +94 714221776
>> web : http://wso2.com
>>
>> https://wso2.com/signature
>>
>
>
> --
> Regards,
>
>
> *Darshana Gunawardana*
> Technical Lead
> WSO2 Inc.; http://wso2.com
>
> *E-mail: [email protected] <[email protected]>*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
>
--
*Tharindu Bandara*
Senior Software Engineer | WSO2
Email : [email protected]
Mobile : +94 714221776
web : http://wso2.com
https://wso2.com/signature
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
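The access rule this thread settles on, sketched as an added example that is not part of the original messages or WSO2's code: only the admin route is registered, and `me` is never resolved to the caller on it. The permission name, the `Caller` type and the status codes are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical permission name; the thread does not name the real one.
ADMIN_PERMISSION = "user-association:federated:create"

# Only the admin route from the thread is registered. The /me variant is
# deliberately absent, so no caller can self-assert a federated identity.
ROUTES = [
    ("POST",
     re.compile(r"^/(?P<user_id>[^/]+)/federated-associations$"),
     ADMIN_PERMISSION),
]


@dataclass(frozen=True)
class Caller:
    user_id: Optional[str]              # None means unauthenticated
    permissions: frozenset = frozenset()


def authorize(method, path, caller):
    """Return (http_status, target_user_id); deny by default."""
    if caller.user_id is None:
        return 401, None
    for route_method, pattern, required in ROUTES:
        match = pattern.match(path)
        if method != route_method or not match:
            continue
        target = match.group("user_id")
        # The path template would happily bind user_id="me". Resolving that
        # to the caller would bring the removed self-service API back.
        if target == "me":
            return 404, None
        # Holding an account is not enough, even for the caller's own id.
        if required not in caller.permissions:
            return 403, None
        return 200, target
    return 404, None
```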