airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hasini Gunasinghe (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (AIRAVATA-1624) [GSoC] Securing Airavata API
Date Tue, 02 Jun 2015 11:07:17 GMT

    [ https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14568951#comment-14568951
] 

Hasini Gunasinghe edited comment on AIRAVATA-1624 at 6/2/15 11:07 AM:
----------------------------------------------------------------------

Hi all,

I have created a updated pull request[1] based on the previous pull request by merging it
with the 0.16 master. It would be great if I could get to know if you are OK with the way
API methods are changed with this solution, so that I could complete applying the same changes
to all the API methods.

I have listed the steps a developer will have to follow if he/she wishes to enforce security
on any method that will be added to the API in the future at https://cwiki.apache.org/confluence/display/AIRAVATA/Developer+Documentation+for+Securing+Airavata+API

As the security enforcement can be enabled/disabled at the Airavata server side, you do not
need to run WSO2 IS every time the server is started, although these changes are applied.

[1] https://github.com/apache/airavata/pull/12
Thanks & Best Regards,
Hasini.


was (Author: hasinig):
Hi all,

I have created a updated pull request based on the previous pull request by merging it with
the 0.16 master. It would be great if I could get to know if you are OK with the way API methods
are changed with this solution, so that I could complete applying the same changes to all
the API methods.

I have listed the steps a developer will have to follow if he/she wishes to enforce security
on any method that will be added to the API in the future at https://cwiki.apache.org/confluence/display/AIRAVATA/Developer+Documentation+for+Securing+Airavata+API

As the security enforcement can be enabled/disabled at the Airavata server side, you do not
need to run WSO2 IS every time the server is started, although these changes are applied.

Thanks & Best Regards,
Hasini.

> [GSoC] Securing Airavata API
> ----------------------------
>
>                 Key: AIRAVATA-1624
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
>             Project: Airavata
>          Issue Type: New Feature
>          Components: Airavata API
>            Reporter: Suresh Marru
>              Labels: gsoc, gsoc2015, mentor
>             Fix For: WISHLIST
>
>         Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift based API's for external facing API's and for system internal
CPI's. The API's need to be secured adding authentication and authorization capabilities.

> The Authentication need to ensure only approved users/clients can communicate. Similarly
clients should only interact with valid servers. 
> Authorization need to be enforced to ensure only users with specific roles can appropriately
access specific API's. As an example, administrative roles should be able see all the users
experiments where as end users can only see his/her data and not access other information
(unless explicitly shared). 
> Earlier GSoC project focused on this topic has relavent discussion. 
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message