airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marlon Pierce <marpi...@iu.edu>
Subject Re: [GSoC] Status Update
Date Wed, 02 Jul 2014 18:27:08 GMT
Hi Supun, this is fine with me if it helps David. In general you should 
break your work up into workable segments. From my quick look, this 
seems like a good segment.

Marlon

On 7/2/14, 2:22 PM, Reagan, David Michael wrote:
> If roles are not currently in the user API, then I don’t need it yet. But please let
me know as soon as roles are ready.
>
> I imagine it is OK to use the same server as wso2, but I’m not really in a position
to know. Perhaps someone else can comment?
>
> Dave
>
> From: Supun Nakandala [mailto:supun.nakandala@gmail.com]
> Sent: Wednesday, July 02, 2014 2:09 PM
> To: dev@airavata.apache.org
> Subject: Re: [GSoC] Status Update
>
> There is a requirement of incorporating roles and permissions functionality to the user
API. Currently I am working on it. But until then if we want we can go for a deployment of
the current version of the server and get the PHP Reference Gateway work with user API. I
can deploy it in the same server where wso2 IS is deployed. Is it okay to do so?
>
> On Wed, Jul 2, 2014 at 11:24 PM, Reagan, David Michael <dmreagan@iu.edu<mailto:dmreagan@iu.edu>>
wrote:
> OK, thanks. When do you expect a public deployment?
>
> From: Supun Nakandala [mailto:supun.nakandala@gmail.com<mailto:supun.nakandala@gmail.com>]
> Sent: Wednesday, July 02, 2014 1:14 PM
> To: dev@airavata.apache.org<mailto:dev@airavata.apache.org>
>
> Subject: Re: [GSoC] Status Update
>
> Hi Dave,
>
> You cannot use the API because it is not deployed publicly yet. You can get the code
from [1] and run the server locally and test the API. I have not yet added the configuration
files. It will take default localhost as the server.
>
> Supun
>
> [1] - https://github.com/scnakandala/airavata-userapi/tree/master/userapi
>
> On Wed, Jul 2, 2014 at 10:39 PM, Reagan, David Michael <dmreagan@iu.edu<mailto:dmreagan@iu.edu>>
wrote:
> Hey, Supun. I’m trying to use the new user API, but I’m getting an exception with
the following message:
>
> “TSocket: Could not connect to localhost:8932 (No connection could be made because
the target machine actively refused it. [10061])”
>
> It looks like this is coming from UserAPIClientFactory.php, where the default host is
localhost. I see that the default is being used because when the factory is created in userapi_utilities.php,
it is being passed an empty array as input. What should the values in that input array be,
and where should they be defined in a config file somewhere?
>
>
> Thanks,
> Dave
>
>
>
> From: Amila Jayasekara [mailto:thejaka.amila@gmail.com<mailto:thejaka.amila@gmail.com>]
> Sent: Monday, June 30, 2014 3:38 AM
> To: dev
> Subject: Re: [GSoC] Status Update
>
> Hi Supun,
>
> Very good progress. Please see some inline comments.
>
> On Sun, Jun 29, 2014 at 2:01 PM, Supun Nakandala <supun.nakandala@gmail.com<mailto:supun.nakandala@gmail.com>>
wrote:
> Hi all,
>
> Based on the feedback received I extended the proxy user API. The thrift descriptors
can be found at [1]. Also I incorporated the proxy API with PHP Reference Gateway (PHPRG)
and tested it locally.
>
> Now PHPRG can support a more comprehensive user creation process using the proxy API.
It supports first name, last name, email, organization, address, country, telephone, mobile,
im, url while the bold ones are mandatory and others are optional fields. [create_account_1.png,
create_account_1.png]
>
> The tenant admin (gateway admin) who can log in to the wso2 IS can view the users list
and their profiles.[wso2_is_user_profile_1.png, wso2_is_user_profile_2.png]
>
> The logged in user can also click on his username and change his password and update
his profile. [update_password.png, update_user_profile.png].
>
> I have issues related to securing the communication between the gateway and the proxy
user api as thrift is not supporting SSL for some programming languages including php(at least
for now). What I am planning to do is to use PKI encryption when sending password information
and to use short lived encrypted tokens during communication to avoid replay attacks.
>
> Generally it needs significant effort to come up with a both secure and an efficient
security protocol. Even SSL uses symmetric key after initial handshake (after exchanging symmetric
key). Therefore it would be great if you could use an existing PHP SSL library such as [2],
instead of PKI encrypted passwords. I dont know how much effort is needed to incorporate such
implementation to thrift layer. But I do believe this is something people have already done.
>
> [2] http://www.php.net/manual/en/book.openssl.php
>
> Thanks
> -Thejaka Amila
>
>
> Thank you
> Supun
>
> [1] - https://github.com/scnakandala/airavata-userapi/blob/master/userapi/thrift-interface-descriptors/userAPI.thrift
>
>
>
>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa
>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa


Mime
View raw message