Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.2.0 RC4

[Milan Perera]

Hi all,

I have tested the data archival feature in MySQL 5.5, 5.6, and 5.7.

[+] Stable - Go ahead and release

Regards,


On Fri, Mar 2, 2018 at 7:22 PM, Shavindri Dissanayake 
wrote:

> Hi,
>
> - Enrolled the virtual fire-alarm and sent a ring operation.
> - Enrolled the AVD and sent a ring operation.
> - Applied policies on a device and revoked a policy successfully.
> - Tested the remote control screen view
> - Grouped devices.
>
> [+] Stable - Go ahead and release
>
>
> Thanks & Regards
> Shavindri Dissanayake
> Senior Technical Writer
>
> WSO2 Inc.
> lean.enterprise.middleware
>
> On Fri, Mar 2, 2018 at 5:39 PM, Sumedha Rubasinghe 
> wrote:
>
>> Installed on a remote machine against MySQL 5.5.
>> Tested
>> -Device type API
>> -Message broker functionality
>> -stream processing
>>
>>
>> [+] Stable - Go ahead and release
>>
>> On Mar 2, 2018 3:02 AM, "Rasika Perera"  wrote:
>>
>> Hi Devs,
>>
>> We are pleased to announce the release candidate of WSO2 IoT Server 3.2.0
>> .
>>
>> This is the fourth release candidate (RC) of the WSO2 IoT Server 3.2.0
>> release.
>>
>> This release carries 275+ issue fixes [1-12] over the last GA (3.1.0)
>> release.
>>
>> Reported Issues:
>>
>>- https://github.com/wso2/product-iots/issues
>>
>> Source and distribution packages:
>>
>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC4
>>
>> Tag to be voted upon:
>>
>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC4
>>
>> Please download, test, and vote. The README file under the distribution
>> contains guide and instructions on how to try it out locally.
>>
>> [+] Stable - Go ahead and release
>> [-] Broken - Do not release (explain why)
>>
>> [1] https://github.com/wso2/product-iots/milestone/3?closed=1
>> [2] https://github.com/wso2/product-iots/milestone/4?closed=1
>> [3] https://github.com/wso2/product-iots/milestone/5?closed=1
>> [4] https://github.com/wso2/product-iots/milestone/6?closed=1
>> [5] https://github.com/wso2/product-iots/milestone/7?closed=1
>> [6] https://github.com/wso2/product-iots/milestone/11?closed=1
>> [7] https://github.com/wso2/product-iots/milestone/12?closed=1
>> [8] https://github.com/wso2/product-iots/milestone/13?closed=1
>> [9] https://github.com/wso2/product-iots/milestone/14?closed=1
>> [10] https://github.com/wso2/product-iots/milestone/18?closed=1
>> [11] https://github.com/wso2/product-iots/milestone/19?closed=1
>> [12] https://github.com/wso2/product-iots/milestone/20?closed=1
>>
>> Regards,
>> The WSO2 IoT Team.
>>
>> --
>> With Regards,
>>
>> *Rasika Perera*
>> Senior Software Engineer
>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>
>> <http://wso2.com/signature>
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>>
>>
>> ___
>> Dev mailing list
>> d...@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.2.0 RC3

[Milan Perera]

Hi all,

I have tested the data archival feature in MySQL 5.5, 5.6, and 5.7 and it
works as expected.

[+] Stable - Go ahead and release

Regards,


On Thu, Mar 1, 2018 at 2:40 AM, Rasika Perera  wrote:

> Hi Devs,
>
> We are pleased to announce the release candidate of WSO2 IoT Server 3.2.0.
>
> This is the third release candidate (RC) of the WSO2 IoT Server 3.2.0
> release.
>
> This release carries 275+ issue fixes [1-12] over the last GA (3.1.0)
> release.
>
> Reported Issues:
>
>- https://github.com/wso2/product-iots/issues
>
> Source and distribution packages:
>
>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC3
>
> Tag to be voted upon:
>
>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC3
>
> Please download, test, and vote. The README file under the distribution
> contains guide and instructions on how to try it out locally.
>
> [+] Stable - Go ahead and release
> [-] Broken - Do not release (explain why)
>
> [1] https://github.com/wso2/product-iots/milestone/3?closed=1
> [2] https://github.com/wso2/product-iots/milestone/4?closed=1
> [3] https://github.com/wso2/product-iots/milestone/5?closed=1
> [4] https://github.com/wso2/product-iots/milestone/6?closed=1
> [5] https://github.com/wso2/product-iots/milestone/7?closed=1
> [6] https://github.com/wso2/product-iots/milestone/11?closed=1
> [7] https://github.com/wso2/product-iots/milestone/12?closed=1
> [8] https://github.com/wso2/product-iots/milestone/13?closed=1
> [9] https://github.com/wso2/product-iots/milestone/14?closed=1
> [10] https://github.com/wso2/product-iots/milestone/18?closed=1
> [11] https://github.com/wso2/product-iots/milestone/19?closed=1
> [12] https://github.com/wso2/product-iots/milestone/20?closed=1
>
> Regards,
> The WSO2 IoT Team.
>
> --
> With Regards,
>
> *Rasika Perera*
> Senior Software Engineer
> LinkedIn: http://lk.linkedin.com/in/rasika90
>
> <http://wso2.com/signature>
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 IoT Team Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to iot-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.2.0 RC2

[Milan Perera]

t;>>>
>>>>>>> 1. Android Device Enrollment
>>>>>>> 2  Invoking Ring, Message, Location Operation
>>>>>>> 3. Configuring Geo Alerts
>>>>>>> 3. Adding Stationary, Exit and Entry Alerts
>>>>>>> 4. Adding a new Device Type
>>>>>>>
>>>>>>> I am +1 to release.
>>>>>>>
>>>>>>>
>>>>>>> Thanks and Regards,
>>>>>>>
>>>>>>> Ruwan Yatawara
>>>>>>>
>>>>>>> Technical Lead,
>>>>>>> WSO2 Inc.
>>>>>>>
>>>>>>> email : ruw...@wso2.com
>>>>>>> mobile : +94 77 9110413
>>>>>>> http://ruwansrants.blogspot.com/
>>>>>>> https://500px.com/ruwan_ace
>>>>>>> https://medium.com/@ruwanyatawara
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Feb 26, 2018 at 2:17 AM, Rasika Perera 
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Devs,
>>>>>>>>
>>>>>>>> We are pleased to announce the release candidate of WSO2 IoT Server
>>>>>>>>  3.2.0.
>>>>>>>>
>>>>>>>> This is the second release candidate (RC) of the WSO2 IoT Server 3.2.0
>>>>>>>> release.
>>>>>>>>
>>>>>>>> This release carries 275+ issue fixes [1-12] over the last GA (3.1.0)
>>>>>>>> release.
>>>>>>>>
>>>>>>>> Reported Issues:
>>>>>>>>
>>>>>>>>- https://github.com/wso2/product-iots/issues
>>>>>>>>
>>>>>>>> Source and distribution packages:
>>>>>>>>
>>>>>>>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC2
>>>>>>>>
>>>>>>>> Tag to be voted upon:
>>>>>>>>
>>>>>>>>- https://github.com/wso2/product-iots/releases/tag/v3.2.0-RC2
>>>>>>>>
>>>>>>>> Please download, test, and vote. The README file under the
>>>>>>>> distribution contains guide and instructions on how to try it out 
>>>>>>>> locally.
>>>>>>>>
>>>>>>>> [+] Stable - Go ahead and release
>>>>>>>> [-] Broken - Do not release (explain why)
>>>>>>>>
>>>>>>>> [1] https://github.com/wso2/product-iots/milestone/3?closed=1
>>>>>>>> [2] https://github.com/wso2/product-iots/milestone/4?closed=1
>>>>>>>> [3] https://github.com/wso2/product-iots/milestone/5?closed=1
>>>>>>>> [4] https://github.com/wso2/product-iots/milestone/6?closed=1
>>>>>>>> [5] https://github.com/wso2/product-iots/milestone/7?closed=1
>>>>>>>> [6] https://github.com/wso2/product-iots/milestone/11?closed=1
>>>>>>>> [7] https://github.com/wso2/product-iots/milestone/12?closed=1
>>>>>>>> [8] https://github.com/wso2/product-iots/milestone/13?closed=1
>>>>>>>> [9] https://github.com/wso2/product-iots/milestone/14?closed=1
>>>>>>>> [10] https://github.com/wso2/product-iots/milestone/18?closed=1
>>>>>>>> [11] https://github.com/wso2/product-iots/milestone/19?closed=1
>>>>>>>> [12] https://github.com/wso2/product-iots/milestone/20?closed=1
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> The WSO2 IoT Team.
>>>>>>>>
>>>>>>>> --
>>>>>>>> With Regards,
>>>>>>>>
>>>>>>>> *Rasika Perera*
>>>>>>>> Senior Software Engineer
>>>>>>>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>>>>>>>
>>>>>>>> <http://wso2.com/signature>
>>>>>>>>
>>>>>>>> WSO2 Inc. www.wso2.com
>>>>>>>> lean.enterprise.middleware
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> _______
>>>>>>> Architecture mailing list

[Architecture] [Announce] WSO2 Enterprise Integrator 6.1.1-update19 Released !

[Milan Perera]

Hi All,

The WSO2 Integration team is pleased to announce the release of Enterprise
Integrator 6.1.1-update19.

It is available for download from here
<https://github.com/wso2/product-ei/releases/tag/v6.1.1-update19>

*Tasks/Bug Fixes and Improvements*

   - https://github.com/wso2/product-ei/milestone/27?closed=1
   - https://wso2.org/jira/browse/ESBJAVA-5290?filter=14515


*​​List of Open Issues*

   - https://wso2.org/jira/browse/ESBJAVA-5283?filter=13994
   - https://github.com/wso2/product-ei/issues?q=is%3Aopen+is%3Aissue


*Documentation*

   - https://docs.wso2.com/display/EI611/WSO2+Enterprise+Integrat
   or+Documentation


*How To Contribute*

Your feedback is most welcome!

*Reporting Issues​*

We encourage you to report issues, improvements and feature requests
regarding WSO2 Integrator through WSO2 EI GIT Issues
<https://github.com/wso2/product-ei/issues>.

*Mailing Lists*

Join our mailing lists and correspond with the developers directly.

Developer List : d...@wso2.org | Subscribe | Mail Archive

WSO2 Architecture List: architecture@wso2.org

User Forum : StackOverflow <https://stackoverflow.com/tags/wso2/info>


~ The WSO2 Integration Team ~


-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 IoT Server 3.1.0 RC version 4

[Milan Perera]

Hi all,

Thanks for testing and verifying the WSO2 IoT Server RC4. We are closing
the vote now. This vote has passed with 15 (+1)s and 0 (-1)s. Therefore we
are proceeding with the WSO2 IoT Server 3.1.0 release.

15  (+1)
0(-1)

Regards,

On Mon, Aug 14, 2017 at 6:32 PM, Nirothipan Mehalingam 
wrote:

> Hi ,
>
> I have tested the Android Virtual Device Installation with Linux and Mac
> OS and found no issues.
>
> [+] Stable - go ahead and release.
>
> Thank you
> M.Nirothipan
>
> On Fri, Aug 11, 2017 at 7:06 PM, Milan Perera  wrote:
>
>> Hi Devs,
>>
>> We are pleased to announce the release candidate version 4 of WSO2 IoT Server
>> 3.1.0.
>>
>> Please download, test the product and vote. Vote will be open for 72
>> hours or as needed.
>>
>> Known issues : https://github.com/wso2/product-iots/issues-RC4
>> <https://github.com/wso2/product-iots/issues?q=is%3Aopen+is%3Aissue+label%3A3.1.0-RC3>
>>
>> Source and binary distribution files:
>> https://github.com/wso2/product-iots/releases/tag/v3.1.0-RC4
>>
>> The tag to be voted upon:
>> https://github.com/wso2/product-iots/tree/v3.1.0-RC4
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thank you
>>
>> Regards,
>> --
>> *Milan Perera *| Senior Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka
>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>> Email: mi...@wso2.com  | Web: www.wso2.com
>> <http://lk.linkedin.com/in/milanharinduperera>
>> <https://wso2.com/signature>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "WSO2 IoT Team Group" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to iot-group+unsubscr...@wso2.com.
>> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>>
>
>
>
> --
>
> *M.Nirothipan*
> Software Engineer
> WSO2
>
>
>
> *Mobile : +94 77 2172692 <+94%2077%20217%202692>  Web :
> http://wso2.com/ <http://wso2.com/>*
>



-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [Dev] [VOTE] Release of WSO2 IoT Server 3.1.0 RC version 4

[Milan Perera]

Hi Devs,

We are pleased to announce the release candidate version 4 of WSO2 IoT Server
3.1.0.

Please download, test the product and vote. Vote will be open for 72 hours
or as needed.

Known issues : https://github.com/wso2/product-iots/issues-RC4
<https://github.com/wso2/product-iots/issues?q=is%3Aopen+is%3Aissue+label%3A3.1.0-RC3>

Source and binary distribution files:
https://github.com/wso2/product-iots/releases/tag/v3.1.0-RC4

The tag to be voted upon:
https://github.com/wso2/product-iots/tree/v3.1.0-RC4

Please vote as follows.
[+] Stable - go ahead and release
[-] Broken - do not release (explain why)

Thank you

Regards,
-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release of WSO2 IoT Server 3.1.0 RC version 2

[Milan Perera]

Hi all,

I have tested following scenarios for iOS.

As an admin:

   - Enrolled a device
   - Execute operations (Lock, Ring, Notification, Location, Enterprise
   wipe)
   - Added a policy (restriction)
   - Installed an enterprise application

As an user:

   - Self sign up an user
   - Enrolled a device
   - Execute operations
   - (Lock, Ring, Notification, Location, Enterprise wipe)
   - Added a policy (restriction)
   - Installed an enterprise application


Found no issues.

[+] Stable - go ahead and release

Regards,

On Mon, Jul 24, 2017 at 12:28 AM, Madhawa Perera  wrote:

> Hi Devs,
>
> We are pleased to announce the release candidate version 2 of WSO2 IoT
> Server 3.1.0.
>
> Please download, test the product and vote. Vote will be open for 72 hours
> or as needed.
>
> Known issues : https://github.com/wso2/product-iots/issues?q=is%
> 3Aopen+is%3Aissue+label%3A3.1.0-RC1
>
> Source and binary distribution files:
> https://github.com/wso2/product-iots/releases/tag/v3.1.0-RC2
>
> The tag to be voted upon:
> https://github.com/wso2/product-iots/tree/v3.1.0-RC2
>
> Please vote as follows.
> [+] Stable - go ahead and release
> [-] Broken - do not release (explain why)
>
> Thank you
> Best Regards,
> WSO2 IoT Team
>
> --
> Madhawa Perera
> *Software Engineer*
> Mobile : +94 (0) 773655496 <+94%2077%20365%205496>
> <%2B94%20%280%29%20773%20451194>
> madha...@wso2.com
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "WSO2 IoT Team Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to iot-group+unsubscr...@wso2.com.
> For more options, visit https://groups.google.com/a/wso2.com/d/optout.
>



-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Fwd: [Dev] [IS] Features to be included in IS 5.4.0 which required for APIM 3.0

[Milan Perera]

Hi Indunil,

Please find my concerns on scope registration and binding below (inline).


>
>- Scope can be bound with roles or permissions - Uses scope to role
>binding in APIM and uses scope to permission binding in IoT.
>
>
>- Both of the above bindings are stored in "IDN_OAUTH2_SCOPE" table
>where roles and permissions both are stored as a comma separated string in
>same column named "ROLES". AFAIU, there is no indication with a prefix in
>scope registration, where to separate the two bindings.
> *There can be other bindings which will be added in future, isn't it
>better to renamed the field as "BINDINGS"? There can be a situation where
>both set of roles and permissions are bound to a scope? *
>
> ​+1 for renaming this since it makes sense to store them (permission/role)
in a generic field.​


>
>-
>
>
>- In scope validation, currently there are validators for role based
>and permission based. The corresponding validator will be selected based on
>the prefix (ex: Permission based scope validator only validates the scope
>which are having "perm" as the prefix of the scopes) and if scope prefix is
>not defined, those will directly go to the default role based scope
>validator. *How this prefix has to be considered and validated in
>scope registration with the bindings?*
>
> ​At the time IoT team developed this, we have implemented a scope
validating handler [1]​

​which picks the relevant scope validator based on the scope prefix (ex: if
prefix is 'perm', it picks PermissionBasedScopeValidator [2])​. This
handler is pointed in the identity.xml under ScopeValidator element. The
handler maintains a Map  in the data holder where scope validator will be stored against its
prefix at the service registration time. However, currently prefix of the
scope validators are set manually as in [3] and it would be ideal if we can
add a prefix attribute to the OAuth2ScopeValidator abstract class [4] so
that when implementing the validator, prefix can be defined. So by the time
it gets registered, we can easily call a getPrefix() method and have it
register. Similar approach is also being used in the APIM for registering
multiple scope issuers [5].

>
>- In scope registration, AFAIU, scope key and name are the essential
>details to be included. *What is the difference of theses and where
>these values will be used? scope key is the unique value which need to be
>considered in scope binding?*
>
> ​AFAIK, scope name is a human understandable name compared to the key and
it is used in the publisher at the time of scope assigning to a particular
resource. ​



​[1] ​https://github.com/wso2/carbon-device-mgt/blob/master/
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/
src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/handlers/
ScopeValidationHandler.java

[2] https://github.com/wso2/carbon-device-mgt/blob/master/
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/
src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/validators/
PermissionBasedScopeValidator.java

[3] https://github.com/wso2/carbon-device-mgt/blob/master/
components/identity-extensions/org.wso2.carbon.device.mgt.oauth.extensions/
src/main/java/org/wso2/carbon/device/mgt/oauth/extensions/internal/
OAuthExtensionServiceComponent.java#L70-L73

[4] https://github.com/wso2-extensions/identity-inbound-
auth-oauth/blob/master/components/org.wso2.carbon.
identity.oauth/src/main/java/org/wso2/carbon/identity/oauth2/validators/
OAuth2ScopeValidator.java

[5] https://github.com/wso2/carbon-apimgt/blob/6.1.x/
components/apimgt/org.wso2.carbon.apimgt.keymgt/src/main/
java/org/wso2/carbon/apimgt/keymgt/internal/APIKeyMgtServiceComponent.
java#L232


​Regards,​

-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Device Connectivity Graph for IoT Server & related concerns

[Milan Perera]

Hi Ruwan,

+1 for the idea.

>
> I also propose that we, take out the option for users to enable/disable
> data publishing from the agent side, and make it implicit.
> This was added in an extensible way so that data /log publishing to
> outside systems such as splunk can be done by using the extension points
> for custom scenarios.
>

If we are to make it implicit, I think we should also make it extensible so
that we can plug external data/log publishers to the system when it is
needed.

Regards,​

-- 
*Milan Perera *| Senior Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.0.0 RC2

[Milan Perera]

Hi,

I have tested following scenarios.

   - Installed iOS mobile plugin and configured the IoTS.
   - Enrolled iOS mobile device (v 10.1) as admin.
   - Executed device lock, ring, location, notification operations.
   - Added a restriction via a policy.
   - Installed public, enterprise and web applications via app store.
   - Un-enrolled the device.
   - Created a new user with a necessary permissions.
   - Enrolled the device using newly created user.
   - Tested the same operations as above.


[+] Stable - go ahead and release.

Regards,


On Fri, Jan 20, 2017 at 10:33 PM, Rasika Perera  wrote:

> [-architecture, -dev]
>
> Guys,
>
> Please vote on your tested areas.
>
> Thanks,
> Rasika
>
> On Fri, Jan 20, 2017 at 10:29 PM, Rasika Perera  wrote:
>
>> Hi Devs,
>>
>> *WSO2 ​IoT ​Server ​3.0.0-RC2 Released*
>>
>> This is the 2nd Release Candidate of the WSO2
>> ​IoT Server​
>>
>> ​3​
>> .0.0
>>
>> Please download, test the product and vote.
>>
>> *​*Known issues  :
>>  https://wso2.org/jira/issues/?filter=13634
>> Fixes provided :​
>> https://wso2.org/jira/issues/?filter=13635
>>
>> *Source and binary distribution files:*
>> https://github.com/wso2/product-iots/releases/tag/v3.0.0-RC2
>>
>> *The tag to be voted upon:*
>> https://github.com/wso2/product-iots/tree/v3.0.0-RC2
>>
>> Please vote as follows.
>> [+] Stable - go ahead and release
>> [-] Broken - do not release (explain why)
>>
>> Thanks,
>> ~WSO2 IoT Team~
>>
>> --
>> With Regards,
>>
>> *Rasika Perera*
>> Software Engineer
>> LinkedIn: http://lk.linkedin.com/in/rasika90
>>
>> <http://wso2.com/signature>
>>
>> WSO2 Inc. www.wso2.com
>> lean.enterprise.middleware
>>
>
>
>
> --
> With Regards,
>
> *Rasika Perera*
> Software Engineer
> LinkedIn: http://lk.linkedin.com/in/rasika90
>
> <http://wso2.com/signature>
>
> WSO2 Inc. www.wso2.com
> lean.enterprise.middleware
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] [VOTE] Release WSO2 Enterprise Mobility Manager 2.2.0 RC2

[Milan Perera]

Tested following scenarios under admin role:


   1. Configured and enrolled iOS device.
   2. Installed iOS agent.
   3. Executed following operations:
   - Lock
  - Location
  - Enterprise wipe
  - Notification
  - Ring
   4. Added an iOS device policy (disable camera)
   5. Revoked the policy.
   6. Added a role with limited permissions
   7. Added an user under above role
   8. Invited user via mail

Tested following scenarios under user role:

   1. Installed iOS agent.
   2. Enrolled an user (who has limited permissions)
   3. Executed following operations:
   - Lock
  - Location
  - Enterprise wipe
  - Notification
  - Ring
   4. Installed an ios enterprise app via store
   5. Uninstalled app via store


*[+] - Stable - go ahead and release.*

Regards,


-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Enabling iOS enrollment to EMM without an agent

[Milan Perera]

Hi Dulitha,

We support this from EMM 2.2.0 onwards. We have already implemented this
and will be available in the upcoming release.

Regards,

On Fri, Nov 4, 2016 at 2:32 PM, Dulitha Wijewantha  wrote:

> Hi guys,
> Agent app is not a must for the iOS MDM enrollment. The only 3 features we
> get from the Agent app are
>
> * Location
> * Ring
> * Message
>
> Can we support the web browser based enrollment without an App? This would
> be an improvement to the current enrollment jaggery app to finish the flow
> if someone doesn't come through the mobile app.
>
> Cheers~
>
> --
> Dulitha Wijewantha (Chan)
> Software Engineer - Mobile Development
> WSO2 Inc
> Lean.Enterprise.Middleware
>  * ~Email   duli...@wso2.com *
> *  ~Mobile +94712112165 <%2B94712112165>*
> *  ~Website   dulitha.me <http://dulitha.me>*
> *  ~Twitter @dulitharw <https://twitter.com/dulitharw>*
>   *~Github @dulichan <https://github.com/dulichan>*
>   *~SO @chan <http://stackoverflow.com/users/813471/chan>*
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM] Support For Device Management Policy Merging

[Milan Perera]

Hi Supun,

I think its better to have a composite version of these suggestions.

For ex: lets assume we have a situation where multiple policies get
collided over same set of features.
If that is the case, as proposed in suggestion one, we can let admin to
prioritize them according to his/her wishes using a method which is
suggested in 2nd option
so that when there's a conflicting scenario, we can redirect them to policy
priority section saying this and that features are overlapped and please
prioritize them to be merged.

WDYT?

Regards,

On Thu, Sep 8, 2016 at 12:00 PM, Supun Wanniarachchi 
wrote:

> Hi All,
>
> Existing CDMF device management policy enforcement implementation in EMM
> supports applying only one policy upon devices based on an
> administrator-defined priority order.
>
> For instance, assume an instance where two policies (mentioned below) are
> supposed to be applied on managed devices.
>
> 1. Disable camera on all android devices -> Policy_B
>
> 2. Disable wifi on all android devices which belong to role "user-group A"
> -> Policy_A
>
>
> If we take an android device which belongs to a user in user-group A,
> ideally, both the aforementioned policies should be applied on the said
> device. But due to the limitations in existing policy implementation, only
> the Policy_B (First policy in the priority list) will be applied as that’s
> what’s been prioritized by the policy priority order.
>
> New Feature for Composite Device Management Policies:
>
> This new feature helps merge discrete policies together and get composite
> effective policy without any conflicts. It should be enhanced further to be
> able to merge several of such discrete policies together (i.e camera
> disable, wifi disable) and enforce a composite effective policy upon
> managed devices.
>
> But considering the above example there will be conflicting situation
> happen when we are going to merge these policies.
>
> 1. Disable camera on all android devices -> Policy_B (Android, BYOD)
>
> 2. Enable camera on all devices which belong to role "user-group A" ->
> Policy_E (Android, ANY)
>
> In this case, it’s hard to find what’s the exact operation apply to the
> device when we are creating  effective policy. Previously there was not
> this kind of situation because only applied one policy using policy
> priority order.  Get rid of this issue we can do policy merging task as two
> different ways(Proposed suggestion 1, Proposed suggestion 2).
>
> *Proposed suggestion 1*:
>
> [image: emm2.jpg]
>
>-
>
>Use existing priority order and get the first applicable policy if
>there’s any conflict situation.
>-
>
>Merge several of such discrete policies together and enforce a
>composite effective policy to the device.
>
>
> *Proposed suggestion 2*:
>
> [image: emm.jpg]
>
>
>
>-
>
>User can add any number of policies for different ownership, role or
>user and save. Without using using existing priority order.
>-
>
>But when we are doing “Apply changes to devices” event, it works as
>above diagram.
>-
>
>Restrict to apply two conflicting policies for one device. If there’s
>any conflicts, use the Resolution Mechanism for avoid these issues.
>
>
> Resolution Mechanism for conflicts policies
>
>
>-
>
>Mainly check the feature level of each policies. (i.e
>Passcode,Restriction,Wifi,VPN). Check feature by feature if there’s
>any conflicts(Features has different role sets).
>
>
>-
>
>Display conflicts policy details separately and allow user to change
>the applicable policy of that particular role/user.
>
>
> In PDP there’s no any conflicts for both Proposed suggestion 1 and 2.
> Check whether which device get the effective policy and do policy merging
> process. Finally apply that effective policy for the device.
>
> I think *Proposed suggestion 2* is more effective way and Please share
> your thoughts on this.
>
>
> --
> Supun Wanniarachchi
> Intern
> WSO2, Inc.
>
> *Lean . Enterprise . Middleware *
> Mobile: +94 716326119
> Blog: http://blog.supun.me
> [image: https://lk.linkedin.com/in/supun-wanniarachchi-21b37a97]
> <https://lk.linkedin.com/in/supun-wanniarachchi-21b37a97>
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>


-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [CDMF] Authorizing users to add device operations

[Milan Perera]

Hi all,

In CDMF, we are currently heading towards OAuth2 scope based authorization
mechanism by revamping current carbon permission based authorization
mechanism in order to support widely accepted standard for API
authorization.

As a result, we have to find a new way to do the $subject. So the problem
is that when a particular role has the permission to invoke an API endpoint
which is used to add an operation to a device, an user in that role can add
that operation irrespective of his ownership to that device.

For an example, lets say user A owns device D1 and he has the permission to
invoke operation add APIs. Since he already has the permission to invoke
APIs he can add operations by giving another device id like D2 even though
it does not belong to that user.

So the solution that was there before to overcome is that, we first check
whether a particular user who execute this operation holds the ownership of
the device or whether he/she is a device-mgt admin. Saying that, this
device-mgt admin is just a carbon permission which a role should have in
order to add operations to devices.

Since we are moving to scopes based authorization, this carbon permission
based check is not going work anymore. Therefor we should have to come up
with ideas to do it better.

Proposed suggestions

   1. Use a special scope such as "device-mgt:admin" so that who has that
   scope can add operations to devices that do not belong to him. For that,
   once the scope validation is done, valid scopes are stored in a threadlocal
   variable and check the specific scope at the authorization module.
   2. Use a pre-defined role such as "device-mgt-admin" so that user who is
   in that role can do the operations.

Please share your opinions on above or new suggestions are welcome.

Regards,

-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
<https://wso2.com/signature>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] Force Password Reset and Password History validation

[Milan Perera]

>
> My suggestion is: default should be to force the user and not give him/her
>> the option to use the old password, but make it configurable so the
>> scenarios I mentioned above could be catered, if required. WDYT?
>>
>
​+1 for having it as an configurable option​


-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [Dev] Force Password Reset and Password History validation

[Milan Perera]

​Hi Dulanja,​


> There can be a requirement where the system forces the user to change the
> password, but at the same time give him the option to use the old password.
> I've seen some financial organizations doing this.
>
>>
>>>
IMO, letting use of one of ​old password again creates a security threat.
Isn't it?

Regards,
-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM][Android] Enabling device firewall rules via EMM

[Milan Perera]

Hi Kasun,

 In that case most organizations need to give access only to a certain app
> which they would allow the end user to use. We can achieve that in Kiosk
> mode cleanly. Kiosk mode will enable us to enable a *certain app* in a
> certain time interval disabling all other apps from usage.
>

​We cannot assume that an organization will only use "*a certain app*".
Because most of the time, they use more than one. For an example, lets say
they have in house built enterprise apps which all should be allowed to
access network. ​But enabling only one app as in Kiosk mode will not
address the issue.
However if we are to use Kiosk mode in that way, then we should have to use
some other method like creating a new Launcher App for Android and enable
only white-listed apps in the launcher. In that way we can restrict the use
of other apps.

​Regards,​
-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM][Android] Enabling device firewall rules via EMM

[Milan Perera]

Hi Kasun,

I would also agree the fact that we should drop option 2 and the most
convenient way of doing it is to create VPN interface in the device and
filter network traffic.
However, I cannot understand how the "Kiosk mode" would help to do the
$subject. Would you please explain it bit further?

Thanks,

On Tue, Mar 22, 2016 at 1:05 PM, Kasun Dananjaya Delgolla 
wrote:

> Hi All,
>
> In mobile operating systems, what we can do to do $subject is blocking
> applications by accessing device network.
>
> I have been working on the $subject and was able to do a 2 way
> implementation using following approaches.
>
> 1. Creating a local VPN and blocking apps from using device mobile data
> and WIFI connections.
> 2. Using IPTables to create firewall rules (this requires ROOT access and
> not recommendable in off the shelf devices. (Creating IPTable records
> require "su" command via android shell).
>
> From above 2 approaches, if we take EMM theories in to consideration, we
> will have to drop option 2 because it compromises access. So we are left
> with option 1.
>
> While discussing, we thought that enabling "Kiosk mode" [1] should also be
> a proper solution to address this use case. We can simply enable Kiosk mode
> by using our android agent app (since it has device administrator
> privileges). But in a usual device (BYOD) this requires user intervention
> (user needs to grant access). In COPE mode(where the devices are provided
> by the organization and they can vendor sign our agent app so that it can
> become a privileged system app), we can simply enable Kiosk mode (Screen
> pinning) by making our agent app the "device owner"[2].
>
> Therefore I suggest tat we should re-think on $subject and try to make use
> of above discussed approach. WDYT?
>
> [1] - http://www.sureshjoshi.com/mobile/android-kiosk-mode-without-root/
> [2] - https://support.google.com/work/android/answer/6294687?hl=en
>
> Thanks
> --
> Kasun Dananjaya Delgolla
>
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> Tel:  +94 11 214 5345
> Fax: +94 11 2145300
> Mob: + 94 771 771 015
> Blog: http://kddcodingparadise.blogspot.com
> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
> <http://lk.linkedin.com/in/kasundananjaya>*
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Have we looked at supporting "Kiosk" mode as part of the proposed "COPE" implementation?

[Milan Perera]

they have
>>>> implemented the API in EDU SDK which allows you to run deivce in KiOSK
>>>> mode. (Mainly used for schools).  Lets explore and see.
>>>>
>>>>
>>>> On Mon, Mar 7, 2016 at 10:35 AM, Inosh Perera  wrote:
>>>>
>>>>> Hi Prabath,
>>>>>
>>>>> This can be implemented in android the same way the app locker app
>>>>> works. Where you override the back button and make user only use one app.
>>>>> I'm not sure if there is any native API support to achieve the same in
>>>>> Android.
>>>>>
>>>>> [1].
>>>>> http://www.andreas-schrade.de/2015/02/16/android-tutorial-how-to-create-a-kiosk-mode-in-android/
>>>>>
>>>>> Regards,
>>>>> Inosh
>>>>>
>>>>> On Mon, Mar 7, 2016 at 10:28 AM, Prabath Abeysekera >>>> > wrote:
>>>>>
>>>>>> What about Android?
>>>>>>
>>>>>>
>>>>>> On Monday, March 7, 2016, Dilshan Edirisuriya 
>>>>>> wrote:
>>>>>>
>>>>>>> This has been implemented at backend as well. When DEP is ready we
>>>>>>> can create a UI and test the feature.
>>>>>>>
>>>>>>> On Sun, Mar 6, 2016 at 9:31 AM, Prabath Abeysekera <
>>>>>>> praba...@wso2.com> wrote:
>>>>>>>
>>>>>>>> For instance, check [1].
>>>>>>>>
>>>>>>>> [1] https://www.amtelnet.com/what-is-apple-ios-kiosk-mode/
>>>>>>>>
>>>>>>>> On Sun, Mar 6, 2016 at 9:29 AM, Prabath Abeysekera <
>>>>>>>> praba...@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> Guys, $Subject?
>>>>>>>>>
>>>>>>>>> Note: I assumed that "Kiosk mode" has to be associated with "COPE"
>>>>>>>>> as it sounds so. Correct me if I'm wrong.
>>>>>>>>>
>>>>>>>>> Cheers,
>>>>>>>>> Prabath
>>>>>>>>> --
>>>>>>>>> Prabath Abeysekara
>>>>>>>>> Technical Lead
>>>>>>>>> WSO2 Inc.
>>>>>>>>> Email: praba...@wso2.com
>>>>>>>>> Mobile: +94774171471
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Prabath Abeysekara
>>>>>>>> Technical Lead
>>>>>>>> WSO2 Inc.
>>>>>>>> Email: praba...@wso2.com
>>>>>>>> Mobile: +94774171471
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Dilshan Edirisuriya
>>>>>>> Senior Software Engineer - WSO2
>>>>>>> Mob: + 94 777878905
>>>>>>> http://wso2.com/
>>>>>>> https://www.linkedin.com/profile/view?id=50486426
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Prabath Abeysekara
>>>>>> Technical Lead
>>>>>> WSO2 Inc.
>>>>>> Email: praba...@wso2.com
>>>>>> Mobile: +94774171471
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Inosh Perera
>>>>> Software Engineer, WSO2 Inc.
>>>>> Tel: 077813 7285, 0785293686
>>>>>
>>>>> ___
>>>>> Architecture mailing list
>>>>> Architecture@wso2.org
>>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> *Shanmugarajah (Shan)*
>>>> Director, Mobile Architecture,
>>>> WSO2, Inc.; http://wso2.com
>>>> Email: s...@wso2.com
>>>> Mobile : +9448260
>>>> Blog: http://shanfour.blogspot.com
>>>>
>>>
>>>
>>>
>>> --
>>> Prabath Abeysekara
>>> Technical Lead
>>> WSO2 Inc.
>>> Email: praba...@wso2.com
>>> Mobile: +94774171471
>>>
>>
>>
>>
>> --
>> Inosh Perera
>> Software Engineer, WSO2 Inc.
>> Tel: 077813 7285, 0785293686
>>
>
>
>
> --
> Prabath Abeysekara
> Technical Lead
> WSO2 Inc.
> Email: praba...@wso2.com
> Mobile: +94774171471
>



-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM] Data Containerization for Android

[Milan Perera]

Hi Kamidu,

>
>>1. According to the initial example There is no restriction to the
>>web sites on personal profile, but in the enterprise profile, there are
>>some, If a user visits a certain website which result in corrupting or
>>duplicating the device storage how can we be sure the enterprise data is
>>safe?
>>
>> ​In the ideal situation, the browser that is pushed into the enterprise
> container should be configured for with app restrictions. For ex: we can
> set the browser to access only to certain sites, disable javascripts and
> etc.​
>
>
​To elaborate it more, android OS stores data in two different places for
these two containers(personal and enterprise). Theoretically, no one can
access managed profile's data without relevant access permissions.

Thanks,


-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM] Data Containerization for Android

[Milan Perera]

Hi Kamidu,

>
> With the initial mail and the secondary reply I have following
> clarifications.Can you please explain these.
>
>
>1. Why we need to separate work related work space(enterprise profile)
>and personal work space (personal profile) if the police and restrictions
>is going to be applied for the both workspaces?
>
> ​It is because of there is an usecase where enterprise wants to control
over the apps as well as the data which are pushed by the enterprise
itself. For ex: once we do the enterprise wipe​, all the applications which
are reside in the enterprise workspace will be removed along with their
application data.

>
>1. Does the enterprise profile have the control over when the personal
>profile can be activated?
>
> ​In our scenario, we are going to get both administrative access controls
along with the managed profile.​

​So if we apply polices to devices, it will adhere them without any issues
since we have the control over the device.​

>
>1. According to the initial example There is no restriction to the web
>sites on personal profile, but in the enterprise profile, there are some,
>If a user visits a certain website which result in corrupting or
>duplicating the device storage how can we be sure the enterprise data is
>safe?
>
> ​In the ideal situation, the browser that is pushed into the enterprise
container should be configured for with app restrictions. For ex: we can
set the browser to access only to certain sites, disable javascripts and
etc.​


>
>1. Can the user Install another Device Management Solution into
>personal space? Are we planning to handle the possibilities?
>
> ​For a particular device, there is only one managed profile can be
activated at a time. If any other application requests it from OS, user
will be prompt to take the action.​


​Thanks,​

-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM] Android agent auto enrollment

[Milan Perera]

Hi Inosh,

My concerns for the above proposed method as follows.

AFAIU, in here what we are trying to do is to minimize the user interaction
with the device as much as possible for the auto enrolment scenario.
However according to above method, user should have to connect the device
to a machine and has to run a script as well, hence it needs more
interaction.
Also, if we use ADB for this, there may be instance where PC does not
recognize the device, which ends up manually installing drivers and etc.

Why do we have to use ADB in order to do this?

Cant we use an embedded QR code reader or some other way to retrieve this
token?

Regards,

-- 
*Milan Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com
<http://lk.linkedin.com/in/milanharinduperera>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [Jaggery] Enabling HTTPS redirection for Jaggery Apps

[Milan Perera]

Hi,

We have enhanced the function '*addSecurityConstraints*' of '
*TomcatJaggeryWebAppDeployer*' to support HTTP to HTTPS redirection for
Jaggery Apps [1].

The configuration of enabling the function as follows.

   - Configure the http connector's *redirectPort* to https port in
   *catalina-servier.xml*. (By default this is already configured)


   - For ex:
 - redirectPort="9443"


   - Add following attributes to the *jaggery.conf* file of desired Jaggery
   Apps.


   -  "securityConstraints": [
  {
  "securityConstraint": {
  "webResourceCollection": {
  "name": "AppName",
  "urlPatterns": [
  "/*"
  ]
  },
  "userDataConstraint": {
  "transportGuarantee": "CONFIDENTIAL"
  }
  }
  }
  ]

Note: This can also be configured to support redirection for specific URLs
of apps as well.

[1]
https://github.com/wso2/jaggery/commit/549f194ddb0046be09555c411a92a73f7b9c
​Regards,​

-- 
*Milan Harindu Perera *| Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka
Mobile: +94 77 309 7088 | Work: +94 11 214 5345
Email: mi...@wso2.com  | Web: www.wso2.com

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [Dev] WSO2 EMM 2.0.0 Milestone - 6 Released

[Milan Perera]

Hi All,

WSO2 EMM 2.0.0 Milestone - 6 Released !

This is the sixth milestone of WSO2 EMM version 2.0.0. You can download the
milestone at [1]. Milestone - 6 specifically contains following features
and improvements.


Features:

Enhancements to policy management framework and compliance monitoring
framework.
iOS and Android policy monitoring components.
Tenant configuration Android and iOS.


References

[1] Respective products can be downloaded from,

MDM 2.0.0-M6

https://svn.wso2.org/repos/wso2/people/prabatha/MDM/2.0.0-M6/



​Regards,​

-- 
Milan Harindu Perera
Software Engineer
*WSO2, Inc*
(+94) 77 309 7088
lean . enterprise . middleware

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] BYOD - COPE Separation on EMM 2.0

[Milan Perera]

Hi all,

+1 for the idea.

Considering a BYOD dis-enrollment scenario, when an user sends a
dis-enrollment request to the system, are we going to change the device
state to a particular state (since we are already maintaining the device
life cycle) or introduce a new mechanism to support this process?

Regards,

On Wed, Jul 8, 2015 at 10:58 AM, Kasun Dananjaya Delgolla 
wrote:

> Hi All,
>
> Given below is the proposed workflows for the $subject.
>
> *Enrollment*
>
> *BYOD*
>
> Login -> License Agreement -> Enter critical operation PIN -> Registration
>
> *COPE*
>
> Login -> Registration
>
> *Dis-Enrollment*
>
> *BYOD -*
>
> [image: Inline image 2]
>
> *COPE - *
>
> *There will be no dis-enroll option for COPE devices. If a COPE device
> needs to be dis-enrolled, that has to be performed through the EMM console
> by the admin. Operation list will have a dis-enroll option to fulfill this
> requirement.*
>
> Please raise your concerns on this.
>
> Thanks
> --
> Kasun Dananjaya Delgolla
>
> Software Engineer
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
> Tel:  +94 11 214 5345
> Fax: +94 11 2145300
> Mob: + 94 771 771 015
> Blog: http://kddcodingparadise.blogspot.com
> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
> *
>



-- 
Milan Harindu Perera
Software Engineer
*WSO2, Inc*
(+94) 77 309 7088
lean . enterprise . middleware

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture