+1 then. We can intergrate later. But for DCR , we have to fix that because of specification.
*Harsha Thirimanna* Associate Tech Lead | WSO2 Email: [email protected] Mob: +94715186770 Blog: http://harshathirimanna.blogspot.com/ Twitter: http://twitter.com/harshathirimann Linked-In: linked-in: http://www.linkedin.com/pub/harsha-thirimanna/10/ab8/122 <http://wso2.com/signature> On Thu, Oct 20, 2016 at 1:48 PM, Ishara Karunarathna <[email protected]> wrote: > > > On Thu, Oct 20, 2016 at 1:40 PM, Harsha Thirimanna <[email protected]> > wrote: > >> >> >> *Harsha Thirimanna* >> Associate Tech Lead | WSO2 >> >> Email: [email protected] >> Mob: +94715186770 >> Blog: http://harshathirimanna.blogspot.com/ >> Twitter: http://twitter.com/harshathirimann >> Linked-In: linked-in: http://www.linkedin.com/pub/ha >> rsha-thirimanna/10/ab8/122 >> <http://wso2.com/signature> >> >> On Thu, Oct 20, 2016 at 1:39 PM, Harsha Thirimanna <[email protected]> >> wrote: >> >>> Moving to DEV... >>> >>> *Harsha Thirimanna* >>> Associate Tech Lead | WSO2 >>> >>> Email: [email protected] >>> Mob: +94715186770 >>> Blog: http://harshathirimanna.blogspot.com/ >>> Twitter: http://twitter.com/harshathirimann >>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>> rsha-thirimanna/10/ab8/122 >>> <http://wso2.com/signature> >>> >>> On Thu, Oct 20, 2016 at 12:49 PM, Harsha Thirimanna <[email protected]> >>> wrote: >>> >> Hi, > > At this point I don't think that its good idea to remove already available > authentication mechanism and use this instead, for secured APIs since those > may have some logics those apis need. > > Instead only check with the REST APIs that need security. > WDYT ? > > -Ishara > >> If there any REST API that already secured within itself the feature, >>>> then we have to remove it and use this. As ex : DCR. in DCR we expect user >>>> in request payload for now and that APIs are not secured. After apply this >>>> we can remove the user from request payload and rely on this. And same as >>>> we may have to check other REST APIs whether those are rely on any other >>>> secure mechanism. >>>> >>>> @Isura, Can you please confirm in identity management REST API like >>>> inforecovery ? >>>> >>>> @Ayesha, >>>> Ishara already test the DCR and you can fix that removing user in >>>> payload, apply this and test. >>>> >>>> *Harsha Thirimanna* >>>> Associate Tech Lead | WSO2 >>>> >>>> Email: [email protected] >>>> Mob: +94715186770 >>>> Blog: http://harshathirimanna.blogspot.com/ >>>> Twitter: http://twitter.com/harshathirimann >>>> Linked-In: linked-in: http://www.linkedin.com/pub/ha >>>> rsha-thirimanna/10/ab8/122 >>>> <http://wso2.com/signature> >>>> >>>> On Thu, Oct 20, 2016 at 12:34 PM, Ishara Karunarathna <[email protected] >>>> > wrote: >>>> >>>>> Hi Ayesha, >>>>> >>>>> This feature provide a authentication layer in front of any unsecured >>>>> REST APIs. So do we need to test this with all the REST APIs ? >>>>> >>>>> -Ishara >>>>> >>>>> >>>>> On Thu, Oct 20, 2016 at 12:05 PM, Ayesha Dissanayaka <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi all, >>>>>> >>>>>> I have started testing the"Generic Authentication Mechanism to all >>>>>> the REST APIs" feature [1] in IS-5.3.0. >>>>>> Please mention details on REST APIs in IS services which needs to be >>>>>> secured, so that I can test those APIs with this feature. >>>>>> >>>>>> [1] https://wso2.org/jira/browse/IDENTITY-4742 >>>>>> >>>>>> Thanks! >>>>>> -Ayesha >>>>>> >>>>>> -- >>>>>> *Ayesha Dissanayaka* >>>>>> Software Engineer, >>>>>> WSO2, Inc : http://wso2.com >>>>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com&sa=D&sntz=1&usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg> >>>>>> 20, Palmgrove Avenue, Colombo 3 >>>>>> E-Mail: [email protected] <[email protected]> >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Ishara Karunarathna >>>>> Associate Technical Lead >>>>> WSO2 Inc. - lean . enterprise . middleware | wso2.com >>>>> >>>>> email: [email protected], blog: isharaaruna.blogspot.com, mobile: >>>>> +94717996791 >>>>> >>>>> >>>>> >>>> >>> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://wso2.org/cgi-bin/mailman/listinfo/dev >> >> > > > -- > Ishara Karunarathna > Associate Technical Lead > WSO2 Inc. - lean . enterprise . middleware | wso2.com > > email: [email protected], blog: isharaaruna.blogspot.com, mobile: > +94717996791 > > >
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
