airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amila Jayasekara <>
Subject Re: [GSoC] Status Update
Date Mon, 30 Jun 2014 07:38:13 GMT
Hi Supun,

Very good progress. Please see some inline comments.

On Sun, Jun 29, 2014 at 2:01 PM, Supun Nakandala <>

> Hi all,
> Based on the feedback received I extended the proxy user API. The thrift
> descriptors can be found at [1]. Also I incorporated the proxy API with PHP
> Reference Gateway (PHPRG) and tested it locally.
> Now PHPRG can support a more comprehensive user creation process using the
> proxy API. It supports *first name, last name, email*, organization,
> address, country, telephone, mobile, im, url while the bold ones are
> mandatory and others are optional fields. [create_account_1.png,
> create_account_1.png]
> The tenant admin (gateway admin) who can log in to the wso2 IS can view
> the users list and their profiles.[wso2_is_user_profile_1.png,
> wso2_is_user_profile_2.png]
>  The logged in user can also click on his username and change his password
> and update his profile. [update_password.png, update_user_profile.png].
> I have issues related to securing the communication between the gateway
> and the proxy user api as thrift is not supporting SSL for some programming
> languages including php(at least for now). What I am planning to do is to
> use PKI encryption when sending password information and to use short lived
> encrypted tokens during communication to avoid replay attacks.

Generally it needs significant effort to come up with a both secure and an
efficient security protocol. Even SSL uses symmetric key after initial
handshake (after exchanging symmetric key). Therefore it would be great if
you could use an existing PHP SSL library such as [2], instead of PKI
encrypted passwords. I dont know how much effort is needed to incorporate
such implementation to thrift layer. But I do believe this is something
people have already done.


-Thejaka Amila

> Thank you
> Supun
> [1] -

View raw message