airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Supun Nakandala <supun.nakand...@gmail.com>
Subject Re: Introducing gatewayId to SecurityToken in Airavata API
Date Sun, 13 Dec 2015 20:16:15 GMT
Currently we send the gatewayId for the API method as a parameter. This is
not sent to all API methods but only for the required ones such as
createExeriment. But for other methods like getExperiment we don't require
only the experimentId. So users can access other gateway's experiments if
they know the experimentId.

The idea is to make gatewayId a mandatory field in SecurityToken and
validate it at the API security manager.

On Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <thejaka.amila@gmail.com>
wrote:

>
>
> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
> supun.nakandala@gmail.com> wrote:
>
>> Hi devs,
>>
>> Currently in the Airavata API we use the gatewayId only for some API
>> methods like createExperiment, registerApplication etc.. I would like to
>> suggest that we move this field to SecurityToken and make it mandatory for
>> all API methods. For API methods which requires the gatewayId we can read
>> it from there.
>>
>
> So, currently how does other methods figure out on which gateway id the
> operation should be performed ?
>
> -Thejaka
>
>
>>
>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>> easy to implement access control to the API in a multi tenanted scenario.
>>
>> Any Concerns?
>>
>> Thanks
>> Supun
>>
>
>


-- 
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

Mime
View raw message