Suresh Marru created AIRAVATA-1624:
--------------------------------------
Summary: [GSoC] Securing Airavata API
Key: AIRAVATA-1624
URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
Project: Airavata
Issue Type: New Feature
Components: Airavata API
Reporter: Suresh Marru
Apache Airavata uses Thrift based API's for external facing API's and for
system internal CPI's. The API's need to be secured adding authentication and
authorization capabilities.
The Authentication need to ensure only approved users/clients can communicate.
Similarly clients should only interact with valid servers.
Authorization need to be enforced to ensure only users with specific roles can
appropriately access specific API's. As an example, administrative roles should
be able see all the users experiments where as end users can only see his/her
data and not access other information (unless explicitly shared).
Earlier GSoC project focused on this topic has relavent discussion.
https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
