airavata-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Amila Jayasekara <thejaka.am...@gmail.com>
Subject Re: Introducing gatewayId to SecurityToken in Airavata API
Date Mon, 14 Dec 2015 00:33:18 GMT
Does that mean particular gateway can get experiment information of another
gateway?
If so, For a multi-tenant situation this needs to change.

Thanks
-Thejaka


On Sun, Dec 13, 2015 at 3:16 PM, Supun Nakandala <supun.nakandala@gmail.com>
wrote:

> Currently we send the gatewayId for the API method as a parameter. This is
> not sent to all API methods but only for the required ones such as
> createExeriment. But for other methods like getExperiment we don't require
> only the experimentId. So users can access other gateway's experiments if
> they know the experimentId.
>
> The idea is to make gatewayId a mandatory field in SecurityToken and
> validate it at the API security manager.
>
> On Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <
> thejaka.amila@gmail.com> wrote:
>
>>
>>
>> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
>> supun.nakandala@gmail.com> wrote:
>>
>>> Hi devs,
>>>
>>> Currently in the Airavata API we use the gatewayId only for some API
>>> methods like createExperiment, registerApplication etc.. I would like to
>>> suggest that we move this field to SecurityToken and make it mandatory for
>>> all API methods. For API methods which requires the gatewayId we can read
>>> it from there.
>>>
>>
>> So, currently how does other methods figure out on which gateway id the
>> operation should be performed ?
>>
>> -Thejaka
>>
>>
>>>
>>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>>> easy to implement access control to the API in a multi tenanted scenario.
>>>
>>> Any Concerns?
>>>
>>> Thanks
>>> Supun
>>>
>>
>>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa
>

Mime
View raw message