[
http://jira.amdatu.org/jira/browse/AMDATUAUTH-49?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ivo Ladage - van Doorn updated AMDATUAUTH-49:
---------------------------------------------
Description:
A generic mechanism should be available to secure REST services. This mechanism
should consider:
- oAuth for server to server communication (signed requests)
- 3-legged oAuth for user-protected resources
- Validating Amdatu token for site authentication + UserAdmin authorization
check
- Administration of authorization per REST service/method. So an admin ui
should be available in which can be defined what roles have access to invoke
what REST service, and which methods of this service. Or something like that...
The implementation of the framework is already covered by AMDATU-50 and
AMDATU-87. This issue only covers leveraging the framework and implement auth
checks for available REST services.
was:
A generic mechanism should be available to secure REST services. This mechanism
should consider:
- oAuth for server to server communication (signed requests)
- 3-legged oAuth for user-protected resources
- Validating Amdatu token for site authentication + UserAdmin authorization
check
- Administration of authorization per REST service/method. So an admin ui
should be available in which can be defined what roles have access to invoke
what REST service, and which methods of this service. Or something like that...
> Implement authentication and authorization for existing REST services
> ---------------------------------------------------------------------
>
> Key: AMDATUAUTH-49
> URL: http://jira.amdatu.org/jira/browse/AMDATUAUTH-49
> Project: Amdatu Auth
> Issue Type: Roadmap Issue
> Components: Authorization & authentication
> Reporter: Ivo Ladage - van Doorn
>
> A generic mechanism should be available to secure REST services. This
> mechanism should consider:
> - oAuth for server to server communication (signed requests)
> - 3-legged oAuth for user-protected resources
> - Validating Amdatu token for site authentication + UserAdmin authorization
> check
> - Administration of authorization per REST service/method. So an admin ui
> should be available in which can be defined what roles have access to invoke
> what REST service, and which methods of this service. Or something like
> that...
> The implementation of the framework is already covered by AMDATU-50 and
> AMDATU-87. This issue only covers leveraging the framework and implement auth
> checks for available REST services.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers
