airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Supun Nakandala <>
Subject Re: Notion of user roles in the PHP Reference Gateway
Date Mon, 30 Jun 2014 19:29:44 GMT
Hi Amila,

With a quick research on the functionality of WSO2 IS, I found that with
XACML based entitlement management and roles the expected behavior is
attainable. I am looking into this in more detail now.

Thank you

On Mon, Jun 30, 2014 at 1:23 PM, Amila Jayasekara <>

> Hi Supun,
> I would expect following; (others please correct me if I am wrong)
> We need to control access to API functions through roles. Also IS has a
> notion of permissions and resources. So the resources are mapped to
> functions defined in thrift API. So a permission would look like follows
> (hypothetically);
> permission = ("execute", /scigap/thrift/executeExperiment);
> We should be able to attach such permissions to roles. So when user
> invokes an API function we need to do following;
> 1. find user's role
> 2. examine role's permissions
> 3. check whether any role has permission relevant to invoking function
> AFAIK IS provided a way to define permissions and attach them to roles.
> You may need to check how those can be used through APIs and how achieve
> above described functionality.
> Regards
> -Thejaka Amila
> On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <
>> wrote:
>> Hi all,
>> I am in the process of incorporating the notion of roles to the PHP
>> Reference Gateway using the proxy user api that I am developing. WSO2 IS
>> enables the tenant admin (gateway admin) to create roles and assign users
>> to roles (many to many mapping). From the gateway side we can consume these
>> services and implement role based user functionality. The roles defined
>> will only be visible to that particular gateway(tenant).
>> I would like to know what type of role based functionality is required in
>> the context of the PHP Reference Gateway.
>> Thank you.
>> Supun

Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

View raw message