Hi Manu,

From my point of view, we have to decide it based on what the API does and
who the actual users involved are.

In BPS, we have two sets of users: workflow participants and admin
users/devOps of the BPS. Based on these users, we can categorize BPS APIs
into two sets.

   - Admin APIs : There are a few APIs, like the artifact deployer API, that
   are accessed only by administrators of the server or devOps.


   - User APIs : The BPMN REST API and HumanTask API are user APIs, because
   these APIs are only accessed by participants of processes and user tasks.
   We can argue that some of the operations are admin operations, but those
   are business admin operations. These resources/operations need to
   be authorized using an ACL, based on the current user and his role in the
   workflow or user task.

For example, in HumanTask [1], we have several roles, i.e. Business
Administrator, Potential Owners, Excluded Owners, Stakeholders, etc. Based
on the current user and his role in the defined task, the user is authorized
to perform an operation.

IMO, having a clear separation between the User API and the Admin API may be
important when securing these APIs separately.

[1] -
http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cs-01.html#_Toc261430341

Thanks,
Hasitha.

On Wed, May 4, 2016 at 7:55 PM, Manuranga Perera <m...@wso2.com> wrote:

> How do we define an admin vs non-admin API?
> Is getting the list of users different from getting the list of processes?
>
> A customer written UI may have to call both. We can argue that some things
> are 100% admin eg: shutdown server. But to me this seems like an arbitrary
> decision.
>
>
> On Wed, May 4, 2016 at 12:14 AM, Hasitha Aravinda <hasi...@wso2.com>
> wrote:
>
>> Another thing, we need to consider exposing different ports for user APIs
>> and Admin APIs to have a clear separation. In C4, all user and admin APIs
>> are exposed on 9443 and 9763. AFAIK this is not supported in the current
>> MSF4J OSGi version.
>>
>> Thanks,
>> Hasitha.
>>
>> On Wed, May 4, 2016 at 9:26 AM, Nandika Jayawardana <nand...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> In all the carbon platform versions up to now, we used the 9443 and 9763
>>> ports for admin services for all server products. Are we going to use the
>>> same ports for C5?
>>>
>>> Regards
>>> Nandika
>>>
>>> --
>>> Nandika Jayawardana
>>> WSO2 Inc ; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> --
>> Hasitha Aravinda,
>> Senior Software Engineer,
>> WSO2 Inc.
>> Email: hasi...@wso2.com
>> Mobile : +94 718 210 200
>>
>>
>>
>
>
> --
> With regards,
> *Manu*ranga Perera.
>
> phone : 071 7 70 20 50
> mail : m...@wso2.com
>



-- 
--
Hasitha Aravinda,
Senior Software Engineer,
WSO2 Inc.
Email: hasi...@wso2.com
Mobile : +94 718 210 200
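
The per-task role check described in the message above, sketched as an added example that is not part of the thread or of WSO2 BPS code. The policy table, the task data and all names are assumptions made for illustration; the authoritative operation/role matrix is the one in the WS-HumanTask specification [1].

```python
from dataclasses import dataclass, field

# Illustrative policy only (an assumption): operation -> task roles allowed.
# It is not copied from the WS-HumanTask authorization table.
POLICY = {
    "claim": {"potential_owner"},
    "complete": {"actual_owner"},
    "delegate": {"actual_owner", "business_administrator"},
    "get_task_details": {"potential_owner", "actual_owner",
                         "business_administrator", "stakeholder"},
}

@dataclass
class Task:
    task_id: str
    roles: dict = field(default_factory=dict)  # role name -> set of user names

def roles_of(user, task):
    """Roles the user holds on this one task (server-wide roles are ignored)."""
    held = {role for role, users in task.roles.items() if user in users}
    # An excluded owner never counts as a potential owner, even when another
    # assignment would otherwise make them one.
    if "excluded_owner" in held:
        held -= {"potential_owner", "excluded_owner"}
    return held

def is_authorized(user, operation, task):
    """Default deny: unknown operations and users with no task role fail."""
    return bool(roles_of(user, task) & POLICY.get(operation, set()))

# Constructed sample data: two tasks with different role assignments.
EXPENSE = Task("expense-42", {
    "potential_owner": {"alice", "bob"},
    "excluded_owner": {"bob"},
    "business_administrator": {"carol"},
})
LEAVE = Task("leave-7", {"potential_owner": {"alice"}})

if __name__ == "__main__":
    for user, op, task in [("alice", "claim", EXPENSE),
                           ("bob", "claim", EXPENSE),
                           ("carol", "delegate", EXPENSE),
                           ("carol", "delegate", LEAVE),
                           ("server-admin", "get_task_details", EXPENSE)]:
        print(user, op, task.task_id, is_authorized(user, op, task))
```

A business administrator of one task gets nothing on another task, and a server administrator with no task role is denied on the user API, which is the separation between business admin and server admin operations that the message argues for.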