Will you run admin stuff & user stuff on the same instances? At least
shouldn't our recommendation be that admin & user stuff have to be
separate, as a best practice?

On Wed, May 4, 2016 at 9:12 PM, Hasitha Aravinda <hasi...@wso2.com> wrote:

> Hi Manu,
>
> From my point of view, we have to decide it based on what the API does and
> who the actual users involved are.
>
> In BPS, we have two sets of users: workflow participants and admin
> user/devOps of the BPS. Based on these users we can categorize BPS APIs
> into two sets.
>
>    - Admin APIs : There are a few APIs, like the artifact deployer API,
>    accessed only by administrators of the server or devOps.
>
>    - User APIs : BPMN Rest API and HumanTask API are user APIs, because
>    these APIs are only accessed by participants of processes and user tasks.
>    But we can argue some of the operations are admin operations, but those
>    are business admin operations. These resources/operations need to
>    be authorized using an ACL, based on the current user and his role in the
>    workflow or user-task.
>
> For example in HumanTask [1], we have several roles i.e. Business
> Administrator, Potential Owners, Excluded Owners, Stakeholders etc. Based
> on the current user and his role in the defined task, the user is authorized
> to perform an operation.
>
> IMO having clear separations between User API and Admin API may be important
> when securing these APIs separately.
>
> [1] -
> http://docs.oasis-open.org/bpel4people/ws-humantask-1.1-spec-cs-01.html#_Toc261430341
>
> Thanks,
> Hasitha.
>
> On Wed, May 4, 2016 at 7:55 PM, Manuranga Perera <m...@wso2.com> wrote:
>
>> How do we define an admin vs non-admin API?
>> Is getting the list of users different from getting the list of processes?
>>
>> A customer written UI may have to call both. We can argue that some
>> things are 100% admin e.g. shutdown server. But to me this seems like an
>> arbitrary decision.
>>
>>
>> On Wed, May 4, 2016 at 12:14 AM, Hasitha Aravinda <hasi...@wso2.com>
>> wrote:
>>
>>> Another thing, we need to consider exposing different ports for user
>>> APIs and Admin APIs to have a clear separation. In C4 all user and admin
>>> APIs are exposed on 9443 and 9763. AFAIK this is not supported in the
>>> current MSF4J OSGi version.
>>>
>>> Thanks,
>>> Hasitha.
>>>
>>> On Wed, May 4, 2016 at 9:26 AM, Nandika Jayawardana <nand...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> In all the carbon platform versions up to now, we used the 9443 and 9763
>>>> ports for admin services for all server products. Are we going to use the
>>>> same ports for C5?
>>>>
>>>> Regards
>>>> Nandika
>>>>
>>>> --
>>>> Nandika Jayawardana
>>>> WSO2 Inc ; http://wso2.com
>>>> lean.enterprise.middleware
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> --
>>> Hasitha Aravinda,
>>> Senior Software Engineer,
>>> WSO2 Inc.
>>> Email: hasi...@wso2.com
>>> Mobile : +94 718 210 200
>>>
>>>
>>>
>>
>>
>> --
>> With regards,
>> *Manu*ranga Perera.
>>
>> phone : 071 7 70 20 50
>> mail : m...@wso2.com
>>
>
>
>
> --
> --
> Hasitha Aravinda,
> Senior Software Engineer,
> WSO2 Inc.
> Email: hasi...@wso2.com
> Mobile : +94 718 210 200
>
>
>


-- 
*Afkham Azeez*
Director of Architecture; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com
cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

*Lean . Enterprise . Middleware*
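
The split discussed in this thread, server admin APIs versus user APIs authorized by the caller's role in a given task, as an added Python sketch that is not WSO2 or BPS code. The operation names, the `Task` class and the operation-to-role table are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed operation-to-role table, for illustration only; the real
# mapping is defined by the WS-HumanTask specification cited in the thread.
TASK_ACL = {
    "claim": {"potential_owner", "business_administrator"},
    "complete": {"actual_owner"},
    "set_priority": {"business_administrator"},
    "get_description": {"potential_owner", "actual_owner",
                        "business_administrator", "stakeholder"},
}
ADMIN_OPERATIONS = {"deploy_artifact"}  # server-level, not tied to any task


@dataclass
class Task:
    potential_owners: set = field(default_factory=set)
    excluded_owners: set = field(default_factory=set)
    business_administrators: set = field(default_factory=set)
    stakeholders: set = field(default_factory=set)
    actual_owner: Optional[str] = None

    def roles_of(self, user):
        roles = set()
        # An excluded owner never counts as a potential owner.
        if user in self.potential_owners and user not in self.excluded_owners:
            roles.add("potential_owner")
        if user == self.actual_owner:
            roles.add("actual_owner")
        if user in self.business_administrators:
            roles.add("business_administrator")
        if user in self.stakeholders:
            roles.add("stakeholder")
        return roles


def authorize_user_api(user, operation, task):
    """User API: the decision depends on the caller's role in this task."""
    allowed = TASK_ACL.get(operation)  # unknown operation: deny by default
    return bool(allowed and allowed & task.roles_of(user))


def authorize_admin_api(user, operation, server_admins):
    """Admin API: the decision depends only on a server-level role."""
    return operation in ADMIN_OPERATIONS and user in server_admins
```

A business administrator of a task passes `authorize_user_api` for task operations but gains nothing on the admin side, which is what lets the two API sets be bound to separate listeners and secured separately.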