Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
Hi Samisa,

I managed to get the description via the REST API provided by API-M.

On Mon, Jun 17, 2013 at 4:42 AM, Samisa Abeysinghe sam...@wso2.com wrote:
> On Sun, Jun 16, 2013 at 10:27 PM, Punnadi Gunarathna punn...@wso2.com wrote:
>> Hi, I figured it out.
>
> and the answer is...

--
Thanks and Regards,
Punnadi Gunarathna
Senior Software Engineer, WSO2, Inc.; http://wso2.com
email: punn...@wso2.com

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
On Mon, Jun 17, 2013 at 9:39 PM, Punnadi Gunarathna punn...@wso2.com wrote:
> Hi Samisa, I managed to get the description via the REST API provided by API-M.

Ok great. I was asking because I too looked into the SQL script and could not find the description in there. So, must be it is stored somewhere else. This could be an issue when data migrating.
Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
Hi all,

While looking at this [1] we decided that we need an architectural change to make AF work with API-M.

Problem - API-M doesn't support group subscription. So a group of developers/owners cannot do a group subscription. So when the AppOwner of foo-app subscribes to an API, if a developer of foo-app calls the APIM-REST API to get the list of APIs for foo-app, it returns null. Right now AF is written to call the REST-APIs.

So as a workaround, when an Owner subscribes to an API we will store the unique identifier of the APIs. And we can show these APIs to the rest of the developers.

There are two holes in the story -

- users can type the URL of APIM and go and subscribe.
- AppOwner can type the URL and go and subscribe. The latter case is dangerous. There is no way for AF to store the subscribed API unique-id - what we can do is to do it at login/page load, etc.

Bottom line is we need group subscription to an application.

thanks,
dimuthu

[1] https://wso2.org/jira/browse/APPFAC-1225 - Already subscribed APIs by an App Owner or a Developer should be visible to the team.

On Sat, Jun 15, 2013 at 10:43 AM, Ushani Balasooriya ush...@wso2.com wrote:
> Hi Punnadi,
>
> +1 Allowing Subscribe to API only for App Owner and making them visible for the team.
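The workaround in the message above (AF records the API ids the owner subscribes to, shows them to the team, and catches up at login/page load), combined with the owner-only rule from the original proposal, sketched as an added example that is not part of the thread and not AppFactory or API-M code. The class, the role names and the `(subscriber, api_id)` listing are assumptions; the listing stands in for whatever the API-M REST API returns.

```python
from dataclasses import dataclass, field

OWNER = "appowner"                      # role names are assumptions
ENVS = ("sandbox", "production")        # one key set per environment

@dataclass
class AppKeyStore:  # AF-side record for one application (hypothetical model)
    members: dict                                # user -> role
    api_ids: set = field(default_factory=set)    # unique ids of subscribed APIs
    keys: dict = field(default_factory=dict)     # env -> (consumer_key, secret)

    def _require(self, user, owner_only):
        role = self.members.get(user)
        if role is None or (owner_only and role != OWNER):
            raise PermissionError(f"{user} may not perform this action")

    def subscribe(self, user, api_id):
        self._require(user, owner_only=True)
        self.api_ids.add(api_id)

    def set_keys(self, user, env, key_pair):
        self._require(user, owner_only=True)
        if env not in ENVS:
            raise ValueError(f"unknown environment: {env}")
        self.keys[env] = key_pair       # regenerating replaces the single set

    def view(self, user):
        self._require(user, owner_only=False)    # dev, qa, devops: read only
        return sorted(self.api_ids), dict(self.keys)

    def reconcile(self, apim_subs):
        """Run at login/page load. apim_subs: (subscriber, api_id) pairs from API-M."""
        owners = {u for u, r in self.members.items() if r == OWNER}
        missed = {a for u, a in apim_subs if u in owners} - self.api_ids
        self.api_ids |= missed          # owner subscribed via the API-M URL
        bypass = sorted((u, a) for u, a in apim_subs if u not in owners)
        return sorted(missed), bypass   # bypass: non-owner direct subscriptions

def demo():
    store = AppKeyStore(members={"owner1": OWNER, "dev1": "developer"})
    store.subscribe("owner1", "API1")
    store.set_keys("owner1", "sandbox", ("ck-constructed", "cs-constructed"))
    denied = False
    try:
        store.subscribe("dev1", "API2")
    except PermissionError:
        denied = True
    apim = [("owner1", "API1"), ("owner1", "API3"), ("dev1", "API2")]  # constructed
    return denied, store.reconcile(apim), store.view("dev1")
```

Calling `demo()` shows both holes: the owner's direct subscription is picked up on reconcile, and the developer's direct subscription is reported rather than recorded.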
Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
On Fri, Jun 14, 2013 at 10:14 PM, Punnadi Gunarathna punn...@wso2.com wrote:
> Hi All,
>
> We have identified $subject and the scenario is as follows:
>
> AppOwner creates an Application called App1 in App Factory. He logs in to API Manager and subscribes App1 with API1 and generates key pairs. He also invites a few developers for App1.
>
> Based on the current implementation, any other developer who will log in to App Factory will not be able to see the previous subscription or already generated keys, and also, since SSO is enabled at the API Manager front, they can subscribe the same application individually again with API1 and generate new keys.
>
> But as per the requirement there should be only a single set of keys generated for sandbox and production separately for a particular application (it is true that we can regenerate keys and it is accepted). But with the above scenario, each person can generate different key sets for the same application and this will be a hassle in terms of usage.
>
> As we discussed with Sumedha, API Manager currently does not support group-wise key generation. Therefore we have come up with the below strategy to prevent each user from creating separate keys for the same application over and over again.
>
> That is, only the AppOwner will have the privilege to subscribe to an API and re/generate keys with API Manager. The generated keys will be saved in DB and when other users (dev, qa, devops) log in, they can only see the generated keys. We will also make SSO disabled and no buttons will be available in UI to go to API Manager for these user roles.

If SSO is disabled (API store), how is the appowner going to log in and subscribe to the API (manually entering the credential again)?

> Feel free to share your feedback.
>
> --
> Thanks and Regards,
> Punnadi Gunarathna
> Senior Software Engineer, WSO2, Inc.; http://wso2.com
> email: punn...@wso2.com

--
ajanthan
--
Ajanthan Balachandiran
Senior Software Engineer; Solutions Technologies Team; WSO2, Inc.; http://wso2.com/
Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
+1 - also, only the App owner should be in the subscriber role. SSO needs to work for the AppOwner though.

Isabelle.

Isabelle Mauny
Director, Product Management; WSO2, Inc.; http://wso2.com/

On Jun 14, 2013, at 6:53 PM, Ajanthan Balachandran ajant...@wso2.com wrote:
> On Fri, Jun 14, 2013 at 10:14 PM, Punnadi Gunarathna punn...@wso2.com wrote:
>> We will also make SSO disabled and no buttons will be available in UI to go to API Manager for these user roles.
>
> If SSO is disabled (API store), how is the appowner going to log in and subscribe to the API (manually entering the credential again)?
Re: [Architecture] Issue in App subscription and Key generation with API Manager in AppFactory
Hi Punnadi,

+1 Allowing Subscribe to API only for App Owner and making them visible for the team. If that feature is implemented, the following issues can be resolved at once.

- https://wso2.org/jira/browse/APPFAC-1230 - When a user clicks on Subscribed to API, user directs to the API Manager, with a different login which was already logged in and does not allow to log out
- https://wso2.org/jira/browse/APPFAC-1225 - Already subscribed APIs by an App Owner or a Developer should be visible to the team.
- https://wso2.org/jira/browse/APPFAC-1224 - Subscribe to an API should be enabled only for App Owner and Developer. For Dev Ops for Production key
- https://wso2.org/jira/browse/APPFAC-1235 - Application sandbox prod user tokens, consumer keys should be same for the app owner and developer

Thanks and Regards,
Ushani

On Fri, Jun 14, 2013 at 10:30 PM, Isabelle Mauny isabe...@wso2.com wrote:
> +1 - also, only the App owner should be in the subscriber role. SSO needs to work for the AppOwner though.
>
> Isabelle.

--
Ushani Balasooriya
Software Engineer - QA; WSO2 Inc; http://www.wso2.com/