Hi,

Using OAuth will be beneficial & future-proof as well. You can use it easily when the APIs are exposed to the public. +1 for using OAuth for API Security.

Thanks,
Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: +94724423048
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
WSO2, Inc.: wso2.com <http://wso2.com/>
lean.enterprise.middleware.

On Sun, Oct 19, 2014 at 7:29 PM, Manoj Gunawardena <man...@wso2.com> wrote:

> Hi,
> +1 for OAuth2. Because publisher APIs can be used in mobile devices.
> Ex -: customer implements mobile app to publish assets
>
> Also need to think about how customer can extend (customize) the security
> with our extension model.
> Ex-: Customer writes an extended publisher API and needs to give different
> grant types and roles
>
> Also, I think better to maintain one security mechanism, rather than
> secure some APIs with OAuth2 and some APIs with Basic Authentication.
>
> Thanks
>
> On Sun, Oct 19, 2014 at 1:12 PM, Ayesha Dissanayaka <aye...@wso2.com>
> wrote:
>
>> Thank you everyone for your valuable inputs.
>>
>> @Udara,
>> These API endpoints are used by ES publisher App itself and will be
>> invoked by authorized third party as well. In that way we have enabled
>> accessing ES back office via remote clients as well.
>>
>> According to suggestions in this thread having oauth is the best way to
>> secure the endpoints which are exposed to third party.
>>
>> We will decide whether to use basic-oauth/oauth or support both, and
>> update the thread on final outcome.
>>
>> Thanks!
>> - Ayesha
>>
>> On Sat, Oct 18, 2014 at 10:27 PM, Udara Liyanage <ud...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> Having basic oauth with HTTPS is kind of secured as long as no third
>>> party is invoking the APIs.
>>>
>>> Touched, not typed. Erroneous words are a feature, not a typo.
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Ayesha Dissanayaka
>> Software Engineer,
>> WSO2, Inc : http://wso2.com
>> 20, Palmgrove Avenue, Colombo 3
>> E-Mail: aye...@wso2.com <ayshsa...@gmail.com>
>
> --
> Manoj Gunawardena
> Tech Lead
> WSO2, Inc.: http://wso2.com
> lean.enterprise.middleware
> Mobile : +94 77 2291643