Hi Chanaka/Godwin, In order to further implement this feature I really appreciate your input on the below concerns.
1. When considering the security perspective, it seems we have two options to specify user roles config either as a registry resource or using the parameter 'allowRoles' in the proxy configuration. IMO implement it as a registry resource would be better when considering the security perspective. WDYT? Also, if we are to implement it as a registry resource then the content of the resource will be <parameter name="allowRoles">admin</parameter>. @Chanaka: Can we have a parameter in the proxy config to define the registry resource for the user roles as we define the security policy (eg: <policy key="conf:repository/policy.xml"/> ) ? @Godwin : If user roles is going to be implemented as a registry resource, will there be a predefined registry location to save it ? If so can you please state it? Really appreciate your response on this. Thanks, Sohani Sohani Weerasinghe Software Engineer WSO2, Inc: http://wso2.com Mobile : +94 716439774 Blog :http://christinetechtips.blogspot.com/ Twitter : https://twitter.com/sohanichristine On Tue, Mar 24, 2015 at 3:52 PM, Sohani Weerasinghe <[email protected]> wrote: > Hi Chanaka/Godwin, > > Can you please provide an input on the below concerns to further carry out > the implementation from DevS side. > > 1.When considering the usability aspect, I think it's better if we can > create a registry resource for user roles at the time of creating the > policy using the Security Editor Form by getting the User Roles values from > the user rather than asking user to create a new registry resource for User > Roles. > > @Godwin: can you please state the required registry path to deploy the > User Roles configs? > > 2. If the User Roles config saves as a registry resource, how this can be > utilize by the proxy service? Will there be a property in the proxy service > so that we can point the User Role config as pointing the policy file. > > 3. If we are deploying the policy and User Role configs via CAPP, in a > case where multiple policy files deploying in the same registry location, > in order to match the User Role config with the relevant policy file, how > can we identify the matching User Role config and the policy? Can we have > the same resource name for the policy and the User Role configs? > > @Chanaka: can you please confirm points 2 and 3? > > Thanks, > Sohani > > Sohani Weerasinghe > Software Engineer > WSO2, Inc: http://wso2.com > > Mobile : +94 716439774 > Blog :http://christinetechtips.blogspot.com/ > Twitter : https://twitter.com/sohanichristine > > On Tue, Mar 24, 2015 at 3:42 PM, Chanaka Fernando <[email protected]> > wrote: > >> Hi Godwin, >> >> That would be good. >> >> Thanks, >> Chanaka >> >> On Tue, Mar 24, 2015 at 3:40 PM, Godwin Amila Shrimal <[email protected]> >> wrote: >> >>> Hi Chanaka, >>> >>> It'll finish within this week. >>> >>> >>> Thanks >>> Godwin >>> >>> >>> On Tue, Mar 24, 2015 at 3:35 PM, Chanaka Fernando <[email protected]> >>> wrote: >>> >>>> Hi Godwin, >>>> >>>> When will you finish the offsite dev service? >>>> >>>> Thanks, >>>> Chanaka >>>> >>>> On Tue, Mar 24, 2015 at 3:30 PM, Godwin Amila Shrimal <[email protected]> >>>> wrote: >>>> >>>>> Hi Chanaka, >>>>> >>>>> We have basically completed the registry base implementation in >>>>> security mgt component and need to do code refactoring and more testing. I >>>>> tested basic scenarios with STS-service and it worked ok. Currently I am >>>>> in >>>>> an offsite DevService and planning to do remaining refactoring and testing >>>>> after this. >>>>> >>>>> >>>>> Thanks >>>>> Godwin >>>>> >>>>> >>>>> >>>>> On Tue, Mar 24, 2015 at 2:00 PM, Chanaka Fernando <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi All, >>>>>> >>>>>> I am writing this mail to take the discussions related to $subject in >>>>>> to a single place. With the ESB 4.9.0 release, we are removing the UI >>>>>> capability of applying security policies from the management console. >>>>>> Going >>>>>> forward, users can only apply security policies to ESB proxy services >>>>>> using >>>>>> developer studio. Even though this functionality is already available in >>>>>> the Developer Studio, it has some edge cases when we use that approach. >>>>>> One >>>>>> such limitation is that there is no place to select the users/roles in >>>>>> the >>>>>> developer studio when applying the security policy. Currently, this >>>>>> information is stored in meta files and with the 4.9.0 version, service >>>>>> meta files are removed. Plan is to store this information in registry and >>>>>> access from their. From the Developer Studio also, it will create the >>>>>> registry file when applying security policies. >>>>>> >>>>>> This would be a necessary feature for ESB 4.9.0 release since this >>>>>> will effect the entire security applying process going forward. >>>>>> >>>>>> @Godwin: Please add if I have missed anything and give us some update >>>>>> on the status from the security side. >>>>>> >>>>>> @Sohani/DevS team: Please give us some update on this implementation. >>>>>> >>>>>> >>>>>> Thanks, >>>>>> Chanaka >>>>>> >>>>>> >>>>>> -- >>>>>> -- >>>>>> Chanaka Fernando >>>>>> Technical Lead >>>>>> WSO2, Inc.; http://wso2.com >>>>>> lean.enterprise.middleware >>>>>> >>>>>> mobile: +94 773337238 >>>>>> Blog : http://soatutorials.blogspot.com >>>>>> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>>>> Twitter:https://twitter.com/chanakaudaya >>>>>> Wordpress:http://chanakaudaya.wordpress.com >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> *Godwin Amila Shrimal* >>>>> Senior Software Engineer >>>>> WSO2 Inc.; http://wso2.com >>>>> lean.enterprise.middleware >>>>> >>>>> mobile: *+94772264165* >>>>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>>>> twitter: https://twitter.com/godwinamila >>>>> >>>> >>>> >>>> >>>> -- >>>> -- >>>> Chanaka Fernando >>>> Technical Lead >>>> WSO2, Inc.; http://wso2.com >>>> lean.enterprise.middleware >>>> >>>> mobile: +94 773337238 >>>> Blog : http://soatutorials.blogspot.com >>>> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >>>> Twitter:https://twitter.com/chanakaudaya >>>> Wordpress:http://chanakaudaya.wordpress.com >>>> >>>> >>>> >>>> >>> >>> >>> -- >>> *Godwin Amila Shrimal* >>> Senior Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: *+94772264165* >>> linkedin: *http://lnkd.in/KUum6D <http://lnkd.in/KUum6D>* >>> twitter: https://twitter.com/godwinamila >>> >> >> >> >> -- >> -- >> Chanaka Fernando >> Technical Lead >> WSO2, Inc.; http://wso2.com >> lean.enterprise.middleware >> >> mobile: +94 773337238 >> Blog : http://soatutorials.blogspot.com >> LinkedIn:http://www.linkedin.com/pub/chanaka-fernando/19/a20/5b0 >> Twitter:https://twitter.com/chanakaudaya >> Wordpress:http://chanakaudaya.wordpress.com >> >> >> >> >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
