This thread describes the authorization issue when reading data for gadgets
(as I mentioned in the Dashboard server product council).

When the IoT server / API manager publishes events, it needs to tell DAS whose
data it is (however, the server cannot log in as that user, as it would then
need to keep passwords and also end up having to keep too many connections).

The gadget, when requesting data, has to tell DAS on whose behalf it is
requesting the data. DAS has to verify this and show the visible data (also, the
DAS data API needs to be secured so that random users cannot call it and look at
other people's data).

--Srinath

On Sat, Mar 19, 2016 at 9:13 PM, Srinath Perera <srin...@wso2.com> wrote:

> Yes, and Ann can also generate a token and share it with Smith, to send with
> his requests.
>
> Also, IMO most Dashboard requests would come from a browser (on a
> phone or PC), not from a simple device. So storing or locating the token
> should not be a problem.
>
> On Fri, Mar 18, 2016 at 3:21 PM, Chathura Ekanayake <chath...@wso2.com>
> wrote:
>
>>> I think we should go for a token based approach (e.g. OAuth) to handle
>>> these scenarios. Following are a few ideas:
>>>
>>>    1. Using a token (Ann attesting that the system user can publish to /
>>>    access this stream on her behalf), Ann lets the “system user“ publish
>>>    data into Ann’s account
>>>
>> If a device can store a token, Ann can generate a token with the necessary
>> scope (to access Ann's event store) and store the token in the device
>> itself. In that case, the device can send the token with each event, so that
>> the IoT platform can decide permissions based on the token.
>>
>>>    2. When we give user Smith access to a gadget, we generate a token,
>>>    which he will send when he is accessing the gadget, which the gadget will
>>>    send to the DAS backend to get access to the correct tables
>>>    3. The same token can be used for API access as well
>>>    4. We need to manage the tokens issued to each user so this happens
>>>    transparently to the end user as much as possible.
>>>
>
> --
> ============================
> Blog: http://srinathsview.blogspot.com twitter:@srinath_perera
> Site: http://people.apache.org/~hemapani/
> Photos: http://www.flickr.com/photos/hemapani/
> Phone: 0772360902
>

-- 
============================
Blog: http://srinathsview.blogspot.com twitter:@srinath_perera
Site: http://home.apache.org/~hemapani/
Photos: http://www.flickr.com/photos/hemapani/
Phone: 0772360902
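Added example, not code from this thread or from WSO2: a minimal Python sketch of the token-scoped flow the thread converges on. Ann mints a publish-only token for her device and a read-only token for Smith; the DAS-side data API derives the target table from the verified token rather than from anything the caller supplies, so the server never holds Ann's password and a random caller with no token, a forged token or an expired token gets nothing. The token format (HMAC-signed JSON claims), the scope names `publish` and `read`, and the `EventStore` stand-in for the DAS data API are all assumptions; a real deployment would validate OAuth tokens against the key manager instead.

```python
"""Token-scoped access to a per-user event store (constructed example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed: the key the token issuer (e.g. the IoT server's auth component)
# uses to sign tokens. DAS only needs this key, never any user's password.
SIGNING_KEY = secrets.token_bytes(32)


class AuthError(Exception):
    """Raised when a token is missing, malformed, forged, expired or under-scoped."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(owner, scopes, ttl=3600, now=None):
    """Mint a token letting its bearer act on `owner`'s event store with exactly
    `scopes` ("publish" and/or "read"). Ann would call this once for her device
    (publish) and once for Smith (read); the bearer never learns Ann's password."""
    now = time.time() if now is None else now
    claims = {"owner": owner, "scopes": sorted(scopes), "exp": int(now + ttl)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """Return the claims of a valid token, or raise AuthError."""
    now = time.time() if now is None else now
    if not isinstance(token, str) or token.count(".") != 1:
        raise AuthError("missing or malformed token")
    body, sig = token.split(".")
    expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise AuthError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        raise AuthError("token expired")
    return claims


class EventStore:
    """Stand-in for the DAS data API: one table per owner (assumption)."""

    def __init__(self):
        self._tables = {}

    def publish(self, token, event, now=None):
        claims = verify_token(token, now)
        if "publish" not in claims["scopes"]:
            raise AuthError("token does not allow publishing")
        # The destination table comes from the token, never from the request.
        self._tables.setdefault(claims["owner"], []).append(dict(event))

    def query(self, token, now=None):
        claims = verify_token(token, now)
        if "read" not in claims["scopes"]:
            raise AuthError("token does not allow reading")
        # Likewise the readable table is chosen by the verified owner claim.
        return [dict(e) for e in self._tables.get(claims["owner"], [])]


def demo():
    """Ann's device publishes; Smith (with Ann's shared token) reads; Bob sees nothing."""
    store = EventStore()
    device_token = issue_token("ann", ["publish"])  # stored on Ann's device
    store.publish(device_token, {"sensor": "temp", "value": 21.5})
    smith_token = issue_token("ann", ["read"])      # Ann shares this with Smith
    bob_token = issue_token("bob", ["read"])        # unrelated user, own table
    return {"smith_sees": store.query(smith_token), "bob_sees": store.query(bob_token)}


if __name__ == "__main__":
    print(demo())
```

The two checks worth keeping in a real implementation are that scopes are enforced per operation (a device token cannot read, a dashboard token cannot publish) and that the table name is never taken from the request, which is what closes the "random users look at other people's data" hole.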
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
