airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Supun Nakandala <supun.nakand...@gmail.com>
Subject Re: Notion of user roles in the PHP Reference Gateway
Date Mon, 30 Jun 2014 19:29:44 GMT
Hi Amila,

With a quick research on the functionality of WSO2 IS, I found that with
XACML based entitlement management and roles the expected behavior is
attainable. I am looking into this in more detail now.

Thank you

On Mon, Jun 30, 2014 at 1:23 PM, Amila Jayasekara <thejaka.amila@gmail.com>
wrote:

> Hi Supun,
>
> I would expect following; (others please correct me if I am wrong)
>
> We need to control access to API functions through roles. Also IS has a
> notion of permissions and resources. So the resources are mapped to
> functions defined in thrift API. So a permission would look like follows
> (hypothetically);
>
> permission = ("execute", /scigap/thrift/executeExperiment);
>
> We should be able to attach such permissions to roles. So when user
> invokes an API function we need to do following;
> 1. find user's role
> 2. examine role's permissions
> 3. check whether any role has permission relevant to invoking function
>
> AFAIK IS provided a way to define permissions and attach them to roles.
> You may need to check how those can be used through APIs and how achieve
> above described functionality.
>
>
Thanks
> Regards
> -Thejaka Amila
>
>
>
>
> On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <
> supun.nakandala@gmail.com> wrote:
>
>> Hi all,
>>
>> I am in the process of incorporating the notion of roles to the PHP
>> Reference Gateway using the proxy user api that I am developing. WSO2 IS
>> enables the tenant admin (gateway admin) to create roles and assign users
>> to roles (many to many mapping). From the gateway side we can consume these
>> services and implement role based user functionality. The roles defined
>> will only be visible to that particular gateway(tenant).
>>
>> I would like to know what type of role based functionality is required in
>> the context of the PHP Reference Gateway.
>>
>> Thank you.
>> Supun
>>
>
>


-- 
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

Mime
View raw message