[
https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14574458#comment-14574458
]
Hasini Gunasinghe edited comment on AIRAVATA-1624 at 6/5/15 1:38 PM:
---------------------------------------------------------------------
Hi Supun,
I am planning to properly document the steps to follow when developing a
clients to access secured Airavata API. Until then, you can refer the steps of
running the sample at [1] and the source code of secure client sample [2] to
get an idea. I have not developed OAuth clients in PHP before, so I can not
recommend you any libraries to use at the moment. You will also need to
generate PHP client stubs for WSO2 IS admin services. Please feel free to ask
if you get any specific questions during the development.
[1] https://cwiki.apache.org/confluence/display/AIRAVATA/Sprint+1
[2]
https://github.com/apache/airavata/tree/master/samples/java-client/secure-client
Thanks,
Hasini.
was (Author: hasinig):
Hi Supun,
I am planning to properly document the steps to follow when developing a
clients to access secured Airavata API. Until then, you can refer the steps of
running the sample at [1] and the source code of secure client sample [2] to
get an idea. I do not have developed OAuth clients in PHP before, so I can not
recommend you any libraries to use at the moment. You will also need to
generate PHP client stubs for WSO2 IS admin services. Please feel free to ask
if you get any specific questions during the development.
[1] https://cwiki.apache.org/confluence/display/AIRAVATA/Sprint+1
[2]
https://github.com/apache/airavata/tree/master/samples/java-client/secure-client
Thanks,
Hasini.
> [GSoC] Securing Airavata API
> ----------------------------
>
> Key: AIRAVATA-1624
> URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
> Project: Airavata
> Issue Type: New Feature
> Components: Airavata API
> Reporter: Suresh Marru
> Labels: gsoc, gsoc2015, mentor
> Fix For: WISHLIST
>
> Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift based API's for external facing API's and for
> system internal CPI's. The API's need to be secured adding authentication and
> authorization capabilities.
> The Authentication need to ensure only approved users/clients can
> communicate. Similarly clients should only interact with valid servers.
> Authorization need to be enforced to ensure only users with specific roles
> can appropriately access specific API's. As an example, administrative roles
> should be able see all the users experiments where as end users can only see
> his/her data and not access other information (unless explicitly shared).
> Earlier GSoC project focused on this topic has relavent discussion.
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
