From: Supun Nakandala
To: dev@airavata.apache.org
Date: Wed, 2 Jul 2014 23:39:04 +0530
Subject: Re: [GSoC] Status Update

There is a requirement of incorporating roles and permissions functionality to the user API. Currently I am working on it. But until then, if we want, we can go for a deployment of the current version of the server and get the PHP Reference Gateway to work with the user API. I can deploy it in the same server where wso2 IS is deployed. Is it okay to do so?

On Wed, Jul 2, 2014 at 11:24 PM, Reagan, David Michael wrote:

> OK, thanks. When do you expect a public deployment?
>
> *From:* Supun Nakandala [mailto:supun.nakandala@gmail.com]
> *Sent:* Wednesday, July 02, 2014 1:14 PM
> *To:* dev@airavata.apache.org
> *Subject:* Re: [GSoC] Status Update
>
> Hi Dave,
>
> You cannot use the API because it is not deployed publicly yet. You can get the code from [1] and run the server locally and test the API. I have not yet added the configuration files. It will take default localhost as the server.
>
> Supun
>
> [1] - https://github.com/scnakandala/airavata-userapi/tree/master/userapi
>
> On Wed, Jul 2, 2014 at 10:39 PM, Reagan, David Michael wrote:
>
> Hey, Supun. I’m trying to use the new user API, but I’m getting an exception with the following message:
>
> “TSocket: Could not connect to localhost:8932 (No connection could be made because the target machine actively refused it. [10061])”
>
> It looks like this is coming from UserAPIClientFactory.php, where the default host is localhost. I see that the default is being used because when the factory is created in userapi_utilities.php, it is being passed an empty array as input. What should the values in that input array be, and where should they be defined in a config file somewhere?
>
> Thanks,
> Dave
>
> *From:* Amila Jayasekara [mailto:thejaka.amila@gmail.com]
> *Sent:* Monday, June 30, 2014 3:38 AM
> *To:* dev
> *Subject:* Re: [GSoC] Status Update
>
> Hi Supun,
>
> Very good progress. Please see some inline comments.
>
> On Sun, Jun 29, 2014 at 2:01 PM, Supun Nakandala <supun.nakandala@gmail.com> wrote:
>
> Hi all,
>
> Based on the feedback received I extended the proxy user API. The thrift descriptors can be found at [1]. Also I incorporated the proxy API with PHP Reference Gateway (PHPRG) and tested it locally.
>
> Now PHPRG can support a more comprehensive user creation process using the proxy API. It supports *first name, last name, email*, organization, address, country, telephone, mobile, im, url while the bold ones are mandatory and others are optional fields. [create_account_1.png, create_account_1.png]
>
> The tenant admin (gateway admin) who can log in to the wso2 IS can view the users list and their profiles. [wso2_is_user_profile_1.png, wso2_is_user_profile_2.png]
>
> The logged in user can also click on his username and change his password and update his profile. [update_password.png, update_user_profile.png].
>
> I have issues related to securing the communication between the gateway and the proxy user api as thrift is not supporting SSL for some programming languages including php (at least for now). What I am planning to do is to use PKI encryption when sending password information and to use short-lived encrypted tokens during communication to avoid replay attacks.
>
> Generally it needs significant effort to come up with both a secure and an efficient security protocol. Even SSL uses symmetric key after initial handshake (after exchanging symmetric key). Therefore it would be great if you could use an existing PHP SSL library such as [2], instead of PKI encrypted passwords. I don't know how much effort is needed to incorporate such implementation to thrift layer. But I do believe this is something people have already done.
>
> [2] http://www.php.net/manual/en/book.openssl.php
>
> Thanks
> -Thejaka Amila
>
> Thank you
> Supun
>
> [1] - https://github.com/scnakandala/airavata-userapi/blob/master/userapi/thrift-interface-descriptors/userAPI.thrift
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa

--
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa
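
Added example, not part of the original thread or of the Airavata code: a sketch of the replay check that the "short-lived tokens" idea quoted above depends on. It uses an HMAC-authenticated token rather than an encrypted one and assumes the connection itself is protected by an existing SSL library, as the reply suggests; the function names, the 30-second lifetime, the user name and the timestamp are all hypothetical.

```php
<?php
// Added illustration; names, TTL and sample values are assumptions, not project code.
const TOKEN_TTL = 30; // token lifetime in seconds (assumed)

// Issue "base64(payload).base64(mac)"; the payload carries user, expiry and a random nonce.
function issueToken(string $key, string $user, int $now): string
{
    $payload = json_encode(['u' => $user, 'exp' => $now + TOKEN_TTL, 'n' => bin2hex(random_bytes(16))]);
    return base64_encode($payload) . '.' . base64_encode(hash_hmac('sha256', $payload, $key, true));
}

// Returns 'ok', 'malformed', 'bad-mac', 'expired' or 'replayed'.
// $seen maps nonce => expiry and must live in storage shared by every verifier.
function verifyToken(string $key, string $token, int $now, array &$seen): string
{
    $parts   = explode('.', $token);
    $payload = base64_decode($parts[0], true);
    $mac     = base64_decode($parts[1] ?? '', true);
    if (count($parts) !== 2 || $payload === false || $mac === false) {
        return 'malformed';
    }
    // Authenticate before parsing; hash_equals compares in constant time.
    if (!hash_equals(hash_hmac('sha256', $payload, $key, true), $mac)) {
        return 'bad-mac';
    }
    $claims = json_decode($payload, true);
    if (!is_array($claims) || !isset($claims['u'], $claims['exp'], $claims['n'])) {
        return 'malformed';
    }
    if ($now > $claims['exp']) {
        return 'expired';
    }
    // Forget nonces whose tokens have expired, then reject any nonce seen before.
    $seen = array_filter($seen, fn($exp) => $exp >= $now);
    if (isset($seen[$claims['n']])) {
        return 'replayed';
    }
    $seen[$claims['n']] = $claims['exp'];
    return 'ok';
}

$key  = random_bytes(32);   // constructed shared secret
$seen = [];
$t0   = 1404324544;         // constructed timestamp
$tok  = issueToken($key, 'alice', $t0);
foreach ([$t0 + 5, $t0 + 6, $t0 + 60] as $when) {
    echo verifyToken($key, $tok, $when, $seen), "\n"; // first use, second use, use after expiry
}
```

The expiry bounds how long each nonce has to be remembered, which is what keeps the replay cache small.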