airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suresh Marru <sma...@apache.org>
Subject Re: Introducing gatewayId to SecurityToken in Airavata API
Date Sat, 12 Dec 2015 22:24:09 GMT
Hi Supun,

As I said in hip chat, this is a good and needed change to properly enforce authorization
at API level.  Thanks for fixing this up. Lets go for it. 

Suresh

> On Dec 11, 2015, at 10:17 PM, Supun Nakandala <supun.nakandala@gmail.com> wrote:
> 
> Hi devs,
> 
> Currently in the Airavata API we use the gatewayId only for some API methods like createExperiment,
registerApplication etc.. I would like to suggest that we move this field to SecurityToken
and make it mandatory for all API methods. For API methods which requires the gatewayId we
can read it from there.
> 
> By making gatewayId a mandatory field in SecurityToken, in the API it is easy to implement
access control to the API in a multi tenanted scenario.
> 
> Any Concerns? 
> 
> Thanks
> Supun


Mime
View raw message