Hi Darshana,

Thanks for the quick response. I will go through the link.

Thanks,
Malintha

On Mar 1, 2016 5:09 PM, "Darshana Gunawardana" <darsh...@wso2.com> wrote:

> Hi Malintha,
>
> Yes, the better option is to create new permissions for DCR, rather than
> reusing already defined permissions. You can refer to [1] to see how the
> recently developed IS workflow component defined its permission model and
> its hierarchy.
>
> [1]
> http://cdwijayarathna.blogspot.com/2016/01/permission-model-of-wso2-is-workflow.html
>
> Thanks,
>
> On Tue, Mar 1, 2016 at 6:20 AM, Malintha Amarasinghe <malint...@wso2.com>
> wrote:
>
>> Hi All,
>>
>> Currently the Dynamic Client Registration (DCR) module in API Manager [1]
>> allows creating OAuth applications irrespective of user permissions. That
>> might lead to problems, as any user can directly create apps which might be
>> unusable, and they can flood the system too.
>>
>> Currently in API Manager we have the following permissions defined.
>>
>> /permission/admin/manage/api/create
>> /permission/admin/manage/api/publish
>> /permission/admin/manage/api/subscribe
>>
>> We initially thought of letting a user create OAuth apps through DCR
>> only if the user has any of the above permissions. But it then allows *ALL*
>> creators/subscribers and publishers to create OAuth apps through DCR and we
>> cannot restrict that.
>>
>> Hence, we are suggesting using a new permission for creating an OAuth app
>> using DCR. Then we can specifically choose which users can access DCR.
>>
>> Please share your thoughts.
>>
>> PS:
>> As per [2], the current DCR module of API Manager will be moved as an IS
>> component.
>>
>> Thanks,
>> Malintha
>>
>> [1]
>> https://github.com/wso2/carbon-apimgt/tree/master/components/apimgt/org.wso2.carbon.apimgt.rest.api.dcr/src/main/java/org/wso2/carbon/apimgt/rest/api/dcr/web
>> [2] https://github.com/wso2/carbon-identity/pull/1712/files
>>
>> --
>> Malintha Amarasinghe
>> Software Engineer
>> *WSO2, Inc. - lean | enterprise | middleware*
>> http://wso2.com/
>>
>> Mobile : +94 712383306
>
> --
> Regards,
>
> *Darshana Gunawardana*
> Senior Software Engineer
> WSO2 Inc.; http://wso2.com
>
> *E-mail: darsh...@wso2.com*
> *Mobile: +94718566859*
> Lean . Enterprise . Middleware
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
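
The two gating options discussed in this thread, compared side by side as an added example that is not part of the original messages and is not WSO2 code. It assumes a permission tree in which a grant covers every node beneath it; the `DCR_PERMISSION` path, the sample users and all function names are hypothetical.

```python
# Added illustration; not WSO2 code. Permission-tree semantics are an assumption.
EXISTING_API_PERMISSIONS = (
    "/permission/admin/manage/api/create",
    "/permission/admin/manage/api/publish",
    "/permission/admin/manage/api/subscribe",
)
# Hypothetical name for the new permission; the thread does not name it.
DCR_PERMISSION = "/permission/admin/manage/dcr/register"


def covers(granted, required):
    """A grant covers the same node or any node beneath it.
    Comparing whole path segments avoids the prefix bug where a grant on
    '.../dcr/reg' would match '.../dcr/register' under str.startswith()."""
    g = [s for s in granted.split("/") if s]
    r = [s for s in required.split("/") if s]
    return len(g) <= len(r) and r[:len(g)] == g


def is_authorized(grants, required):
    return any(covers(g, required) for g in grants)


def may_register_initial_idea(grants):
    """Initial idea in the thread: any existing API permission opens DCR."""
    return any(is_authorized(grants, p) for p in EXISTING_API_PERMISSIONS)


def may_register_dedicated(grants):
    """Proposal in the thread: only the dedicated DCR permission opens DCR."""
    return is_authorized(grants, DCR_PERMISSION)


# Constructed sample users and grants.
USERS = {
    "creator": {"/permission/admin/manage/api/create"},
    "publisher": {"/permission/admin/manage/api/publish"},
    "subscriber": {"/permission/admin/manage/api/subscribe"},
    "app_dev": {"/permission/admin/manage/api/subscribe", DCR_PERMISSION},
    "admin": {"/permission/admin"},
    "lookalike": {"/permission/admin/manage/dcr/reg"},
}


def allowed_users(policy):
    return sorted(name for name, grants in USERS.items() if policy(grants))


if __name__ == "__main__":
    print("initial idea:", allowed_users(may_register_initial_idea))
    print("dedicated   :", allowed_users(may_register_dedicated))
```

With the dedicated permission, only the users explicitly granted it (or a parent node of it) can reach DCR, while every creator, publisher and subscriber passes the first policy.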