Mailing-List: contact dev-help@airavata.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@airavata.apache.org
MIME-Version: 1.0
In-Reply-To: 
 <CAFwzmVC9h=aP4qcKVLKMpnv67BW3WbykrbtHmktFoF87in=fqw@mail.gmail.com>
References: 
 <CAFwzmVA=dnJEY_sLyyD3Ts2fgm6xEubnxWNf2n8FxkNprtKqiQ@mail.gmail.com>
	<CAKUcLKZaakUf0qUe9JOWMWWjLKmgoRRouCawqfKZCFf4G3+WpA@mail.gmail.com>
	<CAFwzmVC9h=aP4qcKVLKMpnv67BW3WbykrbtHmktFoF87in=fqw@mail.gmail.com>
Date: Sun, 13 Dec 2015 19:33:18 -0500
Message-ID: 
 <CAKUcLKaZoqrJV-Vcc5iX-Chyp31gP=dyxCyf9_W0wZRWR_aiJA@mail.gmail.com>
Subject: Re: Introducing gatewayId to SecurityToken in Airavata API
From: Amila Jayasekara <thejaka.amila@gmail.com>
To: dev <dev@airavata.apache.org>
Content-Type: multipart/alternative; boundary=001a113ec600d04ee00526d0d16e

--001a113ec600d04ee00526d0d16e
Content-Type: text/plain; charset=UTF-8

Does that mean particular gateway can get experiment information of another
gateway?
If so, For a multi-tenant situation this needs to change.

Thanks
-Thejaka


On Sun, Dec 13, 2015 at 3:16 PM, Supun Nakandala <supun.nakandala@gmail.com>
wrote:

> Currently we send the gatewayId for the API method as a parameter. This is
> not sent to all API methods but only for the required ones such as
> createExeriment. But for other methods like getExperiment we don't require
> only the experimentId. So users can access other gateway's experiments if
> they know the experimentId.
>
> The idea is to make gatewayId a mandatory field in SecurityToken and
> validate it at the API security manager.
>
> On Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <
> thejaka.amila@gmail.com> wrote:
>
>>
>>
>> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
>> supun.nakandala@gmail.com> wrote:
>>
>>> Hi devs,
>>>
>>> Currently in the Airavata API we use the gatewayId only for some API
>>> methods like createExperiment, registerApplication etc.. I would like to
>>> suggest that we move this field to SecurityToken and make it mandatory for
>>> all API methods. For API methods which requires the gatewayId we can read
>>> it from there.
>>>
>>
>> So, currently how does other methods figure out on which gateway id the
>> operation should be performed ?
>>
>> -Thejaka
>>
>>
>>>
>>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>>> easy to implement access control to the API in a multi tenanted scenario.
>>>
>>> Any Concerns?
>>>
>>> Thanks
>>> Supun
>>>
>>
>>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa
>

--001a113ec600d04ee00526d0d16e
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Does that mean particular gateway can get experiment infor=
mation of another gateway?<div>If so, For a multi-tenant situation this nee=
ds to change.</div><div><br></div><div>Thanks</div><div>-Thejaka</div><div>=
<br></div><div><div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On=
 Sun, Dec 13, 2015 at 3:16 PM, Supun Nakandala <span dir=3D"ltr">&lt;<a hre=
f=3D"mailto:supun.nakandala@gmail.com">supun.nakandala@gmail.com</a>&gt;</s=
pan> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex=
;border-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr">Currently we=
 send the gatewayId for the API method as a parameter. This is not sent to =
all API methods but only for the required ones such as createExeriment. But=
 for other methods like getExperiment we don&#39;t require only the experim=
entId. So users can access other gateway&#39;s experiments if they know the=
 experimentId.<div><br></div><div>The idea is to make gatewayId a mandatory=
 field in SecurityToken and validate it at the API security manager.</div><=
/div><div class=3D"gmail_extra"><div><div><br><div class=3D"gmail_quote">On=
 Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <span dir=3D"ltr">&lt;<a h=
ref=3D"mailto:thejaka.amila@gmail.com">thejaka.amila@gmail.com</a>&gt;</spa=
n> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;b=
order-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><br><div class=
=3D"gmail_extra"><br><div class=3D"gmail_quote"><span>On Fri, Dec 11, 2015 =
at 10:17 PM, Supun Nakandala <span dir=3D"ltr">&lt;<a href=3D"mailto:supun.=
nakandala@gmail.com">supun.nakandala@gmail.com</a>&gt;</span> wrote:<br><bl=
ockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #=
ccc solid;padding-left:1ex"><div dir=3D"ltr"><div>Hi devs,</div><div><br></=
div><div>Currently in the Airavata API we use the gatewayId only for some A=
PI methods like createExperiment, registerApplication etc.. I would like to=
 suggest that we move this field to SecurityToken and make it mandatory for=
 all API methods. For API methods which requires the gatewayId we can read =
it from there.</div></div></blockquote><div><br></div></span><div>So, curre=
ntly how does other methods figure out on which gateway id the operation sh=
ould be performed ?</div><div><br></div><div>-Thejaka</div><span><div>=C2=
=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;borde=
r-left:1px #ccc solid;padding-left:1ex"><div dir=3D"ltr"><div><br></div><di=
v>By making gatewayId a mandatory field in SecurityToken, in the API it is =
easy to implement access control to the API in a multi tenanted scenario.</=
div><div><br></div><div>Any Concerns?=C2=A0</div><div><br></div><div>Thanks=
</div><span><font color=3D"#888888"><div>Supun</div>
</font></span></div>
</blockquote></span></div><br></div></div>
</blockquote></div><br><br clear=3D"all"><div><br></div></div></div><span>-=
- <br><div>Thank you<br>Supun Nakandala<br>Dept. Computer Science and Engin=
eering<br>University of Moratuwa<br></div>
</span></div>
</blockquote></div><br></div></div></div>

--001a113ec600d04ee00526d0d16e--