On Mar 19, 2015, at 12:37 AM, Nick Coghlan wrote: >In the case of Roundup, the data model is actually very REST friendly, >as the existing XML-RPC interface already embodies the "collections of >resources" approach. In theory, it should "just" be a matter of >exposing those collections through an appropriate set of APIs (and >figuring out things like access management, etc).
This is probably getting off-topic, but MM3 took the approach that the core engine's REST API deliberately doesn't do access management. We call it an "administrative API" and only run it on localhost (configurable of course, but we tell admins never to run it on a public IP). This opens up a wide range of very interesting possibilities. Our web ui is written entirely against the API so while you could use the one we'll release, you're not tied to it at all. Another interesting piece is the public REST proxy, which *will* be available on a public IP. This is where access management is implemented. It uses information from the core, but has its own model for restricting and controlling access. This means it can be implemented independently, deployed or not deployed independently, and even completely replaces by downstream integrators. Anyway, we're really happy with the way this architecture has turned out. Cheers, -Barry
pgpC3fd3RMfBE.pgp
Description: OpenPGP digital signature
_______________________________________________ core-workflow mailing list core-workflow@python.org https://mail.python.org/mailman/listinfo/core-workflow This list is governed by the PSF Code of Conduct: https://www.python.org/psf/codeofconduct