Re: [Architecture] Cloud Tenant deletion caching issue

2014-09-06 Thread Nirmal Fernando
Shouldn't this tenant event listener be triggered in all the nodes in the
cluster? If not, I think we might need to fix it.


On Sat, Sep 6, 2014 at 10:00 AM, Selvaratnam Uthaiyashankar 
shan...@wso2.com wrote:

 Even if we have a public method, how will it work in a clustered
 environment? For example, a delete request is sent to Node1 (and let's say
 one way or the other we delete the entry from the map on Node1), and a create
 request is sent to Node 2 (which still has the entry in the map). Are we
 going to use cluster messages to clear the entry from all nodes?


 On Friday, September 5, 2014, Nirmal Fernando nir...@wso2.com wrote:

 I think that should be ok. @Johann wdyt?


 On Fri, Sep 5, 2014 at 8:23 PM, Godwin Amila Shrimal god...@wso2.com
 wrote:

 Hi Nirmal,

 Yes, we can do it, but the current map doesn't have public access, so we
 would need to have a public method inside the *JDBCTenantManager* to delete
 the entry.


 On Fri, Sep 5, 2014 at 8:00 PM, Nirmal Fernando nir...@wso2.com wrote:

 Can't we use a tenant event listener and remove the entry from the map
 on a tenant deletion event?


 On Fri, Sep 5, 2014 at 7:50 PM, Godwin Amila Shrimal god...@wso2.com
 wrote:

 Hi,

 We are working on the tenant deletion implementation. Once we perform the
 current tenant deletion operation in *TenantMgtAdminService*, it
 deletes the registry, user store, etc. data. But it doesn't allow creating a
 tenant again with the same tenant domain name until the server is restarted.

 The reason for the above situation is that the tenant domain and id are kept
 in a map (*tenantDomainIdMap*) inside the *JDBCTenantManager*. When
 performing the delete operation it checks the availability from this map.

 As per the discussion, we can see the following solutions for this.

 *Solution1*
 Check the tenant availability from the database, not from in-memory data, but
 this will be costly if it is a frequently performed operation.

 *Solution2*
 We can give public access to delete the particular key in the map, but
 this will be a security issue, since people can pass a tenant domain and
 perform the deletion.

 *Solution3*
 Run a periodic operation which checks the availability of the tenants in
 the database and deletes from the map those which do not exist.


 We are looking for feedback on this.

 Thanks
 Godwin


 --
 *Godwin Amila Shrimal*
 Senior Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: +94772264165
 linkedin: http://lnkd.in/KUum6D
 twitter: https://twitter.com/godwinamila

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --

 Thanks & regards,
 Nirmal

 Senior Software Engineer- Platform Technologies Team, WSO2 Inc.
 Mobile: +94715779733
 Blog: http://nirmalfdo.blogspot.com/



 --
 S.Uthaiyashankar
 VP Engineering
 WSO2 Inc.
 http://wso2.com/ - lean . enterprise . middleware

 Phone: +94 714897591


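The clustered scenario Shankar raises (delete on Node1, create on Node2, Node2 still holding the stale map entry), as an added simulation that is not WSO2 code: `Database` stands in for the tenant table, `Node` for one server with its own in-memory map, and `Cluster` for the messaging needed to clear the entry on every member. All class and method names are assumptions; the `tenant_domain_id_map` name mirrors the map the thread discusses. Running it once with a Node1-only listener and once with a cluster-wide eviction shows why the listener alone does not fix the clustered case.

```python
"""Simulation of a stale tenantDomainIdMap across two nodes (constructed example)."""
from __future__ import annotations

from itertools import count
from typing import Callable


class Database:
    """Shared tenant table: domain -> tenant id (hypothetical schema)."""

    def __init__(self) -> None:
        self.rows: dict[str, int] = {}
        self._ids = count(1)

    def insert(self, domain: str) -> int:
        if domain in self.rows:
            raise ValueError(f"tenant {domain!r} already exists in the database")
        self.rows[domain] = next(self._ids)
        return self.rows[domain]

    def delete(self, domain: str) -> None:
        self.rows.pop(domain, None)

    def lookup(self, domain: str) -> int | None:
        return self.rows.get(domain)


class Node:
    """One server; caches domain -> id in tenant_domain_id_map like the manager does."""

    def __init__(self, name: str, db: Database) -> None:
        self.name = name
        self.db = db
        self.tenant_domain_id_map: dict[str, int] = {}
        # Tenant deletion listeners, each called with the deleted domain.
        self.deletion_listeners: list[Callable[[str], None]] = []

    def get_tenant_id(self, domain: str) -> int | None:
        # A cache hit wins; the database is consulted only on a miss, so a
        # stale entry makes a deleted tenant look like it still exists.
        if domain in self.tenant_domain_id_map:
            return self.tenant_domain_id_map[domain]
        tid = self.db.lookup(domain)
        if tid is not None:
            self.tenant_domain_id_map[domain] = tid
        return tid

    def add_tenant(self, domain: str) -> int:
        if self.get_tenant_id(domain) is not None:
            raise ValueError(f"{self.name}: tenant {domain!r} already exists")
        tid = self.db.insert(domain)
        self.tenant_domain_id_map[domain] = tid
        return tid

    def delete_tenant(self, domain: str) -> None:
        self.db.delete(domain)
        for listener in self.deletion_listeners:
            listener(domain)

    def evict(self, domain: str) -> None:
        # Only listeners call this; it is not exposed as a public service operation.
        self.tenant_domain_id_map.pop(domain, None)


class Cluster:
    """Cluster messaging: fan the eviction out to every member."""

    def __init__(self, nodes: list[Node]) -> None:
        self.nodes = nodes

    def broadcast_evict(self, domain: str) -> None:
        for node in self.nodes:
            node.evict(domain)


def run_scenario(cluster_wide_eviction: bool) -> dict[str, bool]:
    """Delete a tenant on Node1, then try to re-create the same domain on Node2."""
    db = Database()
    node1, node2 = Node("Node1", db), Node("Node2", db)
    cluster = Cluster([node1, node2])
    # Listener-only fix clears Node1's map; the cluster message clears both.
    node1.deletion_listeners.append(
        cluster.broadcast_evict if cluster_wide_eviction else node1.evict
    )

    node1.add_tenant("acme.example")
    node2.get_tenant_id("acme.example")  # Node2 now caches the entry as well
    node1.delete_tenant("acme.example")
    node2_stale = "acme.example" in node2.tenant_domain_id_map

    try:
        node2.add_tenant("acme.example")
        recreated = True
    except ValueError:
        recreated = False
    return {
        "node1_stale": "acme.example" in node1.tenant_domain_id_map,
        "node2_stale": node2_stale,
        "recreated_on_node2": recreated,
        "row_in_database": db.lookup("acme.example") is not None,
    }


if __name__ == "__main__":
    print("listener on Node1 only:", run_scenario(False))
    print("cluster-wide eviction :", run_scenario(True))
```

The eviction stays private to the listener path, which is the point of Solution 2's objection: nothing callable with an arbitrary tenant domain is exposed, and the cluster message carries only the domain of a tenant that has already been deleted from the database.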


[Architecture] OpenID connect ID Token Implementation

2014-09-06 Thread Gayan Gunawardana
Hi,

Currently WSO2 Identity Server has an OpenID Connect implementation, but it was
not fully compliant with the OpenID Connect specifications [1]. There are a
couple of specifications, like Core, Discovery, Dynamic Registration,
Session Management, etc. The OpenID Connect ID Token implementation comes
under the Core specification [2].

Basically, the ID Token contains claims about the authentication of an end-user
in a Base64 encoded manner. The ID Token is a JSON Web Token (JWT) and there
should be some mandatory attributes according to this [3].

In the current implementation of WSO2 Identity Server there are some missing
mandatory attributes like

   - auth_time
   - nonce
   - at_hash
   - acr
   - amr

The effort is to include all these mandatory attributes and introduce
signing and encryption for the ID Token. ID Tokens MUST be signed using JWS [4]
and optionally both signed and then encrypted using JWS and JWE [5]
respectively.


[1] http://openid.net/connect/

[2] http://openid.net/specs/openid-connect-core-1_0.html

[3] http://openid.net/specs/openid-connect-core-1_0.html#IDToken

[4] https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31

[5] https://tools.ietf.org/html/draft-ietf-jose-json-web-encryption-31
-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: ga...@wso2.com
Mobile: +94 (71) 8020933
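An added round trip, written here as example code that is neither WSO2 Identity Server's implementation nor the Nimbus library: it issues an ID Token carrying the attributes listed above (auth_time, nonce, at_hash, acr, amr) alongside the iss/sub/aud/exp/iat claims the Core spec requires, signs it as a compact JWS, and then verifies it the way a relying party must. Assumptions: the JWS uses HS256 (HMAC-SHA256) from the standard library so it runs offline, where a server would normally use RS256 with its keystore; the key, nonce, access token, acr value and timestamps are all constructed. at_hash follows the spec definition: left-most half of the SHA-256 digest of the ASCII access token, base64url-encoded without padding.

```python
"""Issue and verify an OpenID Connect ID Token (constructed example, HS256)."""
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def at_hash(access_token: str) -> str:
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])  # 128 left-most bits for SHA-256


def compact_json(obj) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def issue_id_token(key: bytes, issuer: str, subject: str, client_id: str,
                   nonce: str, access_token: str, auth_time: int, now: int,
                   acr: str = "urn:example:loa:1", amr=("pwd",), lifetime: int = 300) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {
        "iss": issuer, "sub": subject, "aud": client_id,
        "exp": now + lifetime, "iat": now,
        "auth_time": auth_time,            # when the end-user actually authenticated
        "nonce": nonce,                    # echoed from the authentication request
        "at_hash": at_hash(access_token),  # binds this ID Token to the access token
        "acr": acr, "amr": list(amr),      # authentication context class / methods
    }
    signing_input = compact_json(header) + "." + compact_json(claims)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def verify_id_token(token: str, key: bytes, issuer: str, client_id: str,
                    expected_nonce: str, access_token: str, now: int) -> dict:
    """Return the claims when every check passes; raise ValueError naming the failed check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed compact JWS")
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm; never take it from the token
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    for name in ("iss", "sub", "aud", "exp", "iat", "auth_time", "nonce", "at_hash", "acr", "amr"):
        if name not in claims:
            raise ValueError(f"missing claim {name}")
    if claims["iss"] != issuer:
        raise ValueError("wrong issuer")
    if claims["aud"] != client_id:
        raise ValueError("wrong audience")
    if now >= claims["exp"]:
        raise ValueError("expired")
    if not hmac.compare_digest(claims["nonce"].encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    if not hmac.compare_digest(claims["at_hash"].encode(), at_hash(access_token).encode()):
        raise ValueError("at_hash mismatch")
    return claims


# Constructed inputs for the round trip below.
KEY = b"constructed-shared-secret-for-demo"
ISSUER, CLIENT, NONCE, ACCESS_TOKEN = "https://idp.example", "client-1", "n-0S6_WzA2Mj", "AT-constructed"


def demo() -> dict:
    token = issue_id_token(KEY, ISSUER, "alice", CLIENT, NONCE, ACCESS_TOKEN,
                           auth_time=1409990000, now=1409990100)
    ok = verify_id_token(token, KEY, ISSUER, CLIENT, NONCE, ACCESS_TOKEN, now=1409990200)
    results = {"subject": ok["sub"], "at_hash_len": len(ok["at_hash"])}
    # A wrong nonce, a tampered subject and an expired token must all be rejected.
    h, p, s = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims["sub"] = "mallory"
    tampered = h + "." + compact_json(claims) + "." + s
    cases = {
        "nonce_mismatch": (token, KEY, ISSUER, CLIENT, "other-nonce", ACCESS_TOKEN, 1409990200),
        "tampered_payload": (tampered, KEY, ISSUER, CLIENT, NONCE, ACCESS_TOKEN, 1409990200),
        "expired": (token, KEY, ISSUER, CLIENT, NONCE, ACCESS_TOKEN, 1409990100 + 300),
    }
    for label, args in cases.items():
        try:
            verify_id_token(*args)
            results[label] = "accepted"
        except ValueError as err:
            results[label] = str(err)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The verifier pins the algorithm before checking the signature and compares nonce and at_hash in constant time; the same sequence of checks applies unchanged when the signing is delegated to RS256 in a JOSE library such as the Nimbus one recommended in the reply below.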


Re: [Architecture] OpenID connect ID Token Implementation

2014-09-06 Thread Prabath Siriwardena
+1

For JWS and JWE you can directly use the Nimbus [1] Java library, which is
released under the Apache 2.0 license.

[1]: http://connect2id.com/products/nimbus-jose-jwt/download

Thanks & regards,
-Prabath

On Sat, Sep 6, 2014 at 11:22 PM, Gayan Gunawardana ga...@wso2.com wrote:
-- 
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://blog.api-security.org