airavata-dev mailing list archives

From "Reagan, David Michael" <dmrea...@iu.edu>
Subject RE: [GSoC] Status Update
Date Wed, 02 Jul 2014 17:09:20 GMT
Hey, Supun. I’m trying to use the new user API, but I’m getting an exception with the following
message:

“TSocket: Could not connect to localhost:8932 (No connection could be made because the target
machine actively refused it. [10061])”

It looks like this is coming from UserAPIClientFactory.php, where the default host is localhost.
I see that the default is being used because when the factory is created in userapi_utilities.php,
it is being passed an empty array as input. What should the values in that input array be,
and where should they be defined in a config file somewhere?


Thanks,
Dave



From: Amila Jayasekara [mailto:thejaka.amila@gmail.com]
Sent: Monday, June 30, 2014 3:38 AM
To: dev
Subject: Re: [GSoC] Status Update

Hi Supun,

Very good progress. Please see some inline comments.

On Sun, Jun 29, 2014 at 2:01 PM, Supun Nakandala <supun.nakandala@gmail.com> wrote:
Hi all,

Based on the feedback received I extended the proxy user API. The thrift descriptors can be
found at [1]. Also I incorporated the proxy API with PHP Reference Gateway (PHPRG) and tested
it locally.

Now PHPRG can support a more comprehensive user creation process using the proxy API. It supports
first name, last name, email, organization, address, country, telephone, mobile, im, url while
the bold ones are mandatory and others are optional fields. [create_account_1.png, create_account_1.png]

The tenant admin (gateway admin) who can log in to the WSO2 IS can view the users list and
their profiles. [wso2_is_user_profile_1.png, wso2_is_user_profile_2.png]

The logged in user can also click on his username and change his password and update his profile.
[update_password.png, update_user_profile.png].

I have issues related to securing the communication between the gateway and the proxy user
API, as Thrift does not support SSL for some programming languages, including PHP (at least
for now). What I am planning to do is to use PKI encryption when sending password information
and to use short-lived encrypted tokens during communication to avoid replay attacks.

Generally it needs significant effort to come up with a security protocol that is both secure
and efficient. Even SSL uses a symmetric key after the initial handshake (after exchanging the
symmetric key). Therefore it would be great if you could use an existing PHP SSL library such as [2],
instead of PKI encrypted passwords. I don't know how much effort is needed to incorporate such
an implementation into the Thrift layer. But I do believe this is something people have already done.

[2] http://www.php.net/manual/en/book.openssl.php

Thanks
-Thejaka Amila


Thank you
Supun

[1] - https://github.com/scnakandala/airavata-userapi/blob/master/userapi/thrift-interface-descriptors/userAPI.thrift
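
The short-lived-token replay check Supun describes, sketched as an added example (not from the thread or the Airavata code base). It uses HMAC-signed rather than encrypted tokens and Python rather than PHP; the shared key, the 30-second lifetime and all names are assumptions, and it covers replay only, leaving confidentiality to a TLS transport as the reply recommends.

```python
import base64, hashlib, hmac, json, os, time

SECRET = os.urandom(32)  # constructed gateway/user-API shared key (assumption)
TTL_SECONDS = 30         # assumed token lifetime
SKEW_SECONDS = 5         # assumed tolerated clock skew


def issue_token(user, now=None):
    """Gateway side: sign the user name, issue time and a random nonce."""
    now = time.time() if now is None else now
    claims = {"user": user, "iat": int(now), "nonce": os.urandom(16).hex()}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()
    enc = base64.urlsafe_b64encode
    return enc(body).decode() + "." + enc(tag).decode()


class TokenVerifier:
    """User-API side: reject forged, stale and already-seen tokens."""

    def __init__(self):
        self._seen = {}  # nonce -> time after which the token is expired anyway

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return "malformed"
        # Authenticate before parsing; constant-time compare avoids a timing oracle.
        expected = hmac.new(SECRET, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "bad-signature"
        claims = json.loads(body)
        if now - claims["iat"] > TTL_SECONDS:
            return "expired"
        if claims["iat"] - now > SKEW_SECONDS:
            return "not-yet-valid"
        # Nonces are kept until their token would be rejected as expired,
        # so the replay window is never longer than the cache retention.
        self._seen = {n: t for n, t in self._seen.items() if t >= now}
        if claims["nonce"] in self._seen:
            return "replayed"
        self._seen[claims["nonce"]] = claims["iat"] + TTL_SECONDS
        return "ok"
```

The nonce cache is in-process state; with more than one server instance it would need to be shared for the replay check to hold.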


