On Thu, Apr 20, 2017 at 11:08 AM, Ishara Cooray <isha...@wso2.com> wrote:
> Hi,
>
> Previous versions (before C5) of the APIM Publisher and Store apps did front-end
> validations based on user roles.
>
> But with C5 we think of fine-graining user interfaces by controlling
> access to UI components such as Add, Edit, Delete buttons/links based on
> the user scopes.

What is the reason for using scopes for authorization? Can't we use a
policy-based approach such as XACML?

Thanks,
Asela.

> 1. We need to find the scopes associated with each action (REST API call). This
> can be done in two ways.
>
> - Read the scopes from the swagger definition
> - Associate scopes with the UI component itself.
>
> IMO associating scopes with the UI component will be more efficient than
> processing the swagger definition while rendering the UI.
>
> 2. We need to find the logged-in user's scopes and persist them somewhere.
>
> - We can do an introspect call and get the user scopes.
> - We can get the roles from the logged-in user's claims and then find scopes
> based on the role-to-scopes mapping.
>
> In both cases we will need to persist this info in a browser session.
> Persisting user claims will be helpful for future use cases as well.
>
> We can use a secure cookie with the HttpOnly and Secure flags enabled to
> persist this data.
>
> *Implementation*
>
> There will be a common JS function that accepts a UI component and then
> validates it against the user scopes. Based on that the UI component will be
> enabled/disabled.
>
> Following are the UI components that have been identified to be validated
> among the currently available UIs.
>
> *-Publisher-*
>
> 1. Create API
> 2. API - Edit
> 3. API - Delete
> 4. Change Policies - Update
> 5. Change Labels - Update
> 6. Change LC status buttons
> 7. Endpoint Update
> 8. Resource Add
> 9. Resource Save
> 10. Document Add
> 11. Document Edit/Delete
> 12. Create new version - Add
> 13. Access Control - Not yet available
> 14. Mediation - todo
> 15. Scripting - todo
>
> *-Store-*
>
> 1. Application - Add
> 2. Application - View
> 3. Application - Edit
> 4. Application - Delete
> 5. Subscription - todo
>
> Appreciate your thoughts.
>
> Thanks & Regards,
> Ishara Cooray
> Senior Software Engineer
> Mobile : +9477 262 9512
> WSO2, Inc. | http://wso2.com/
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Thanks & Regards,
Asela

ATL Mobile : +94 777 625 933
+358 449 228 979
http://soasecurity.org/
http://xacmlinfo.org/
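The design quoted above (a common JS function that takes a UI component and enables or disables it against the user's scopes, with scopes taken either from the swagger definition or from the component itself, and user scopes derived from a role-to-scope mapping) can be sketched as follows. This is an added example written for this page, not WSO2 code; the scope names, the `x-scope` swagger key, the role-to-scope table, the component list and the swagger fragment are all constructed assumptions. Two practitioner caveats apply to the quoted plan: a cookie carrying the HttpOnly flag is, by definition, not readable from page JavaScript, so a client-side check like this one has to get the scope list some other way (rendered into the page, or fetched from an endpoint that reads the cookie server-side); and hiding or disabling a button is a usability measure only, so the REST API behind each action must still enforce the scope on every call.

```javascript
// Added example (not WSO2 code): scope-based enabling/disabling of UI
// components, as sketched in the quoted design. All names are assumptions.

// Constructed role-to-scope mapping, standing in for whatever the server
// (or the logged-in user's claims) would provide. Scope names are illustrative.
const ROLE_TO_SCOPES = {
  creator:    ['apim:api_create', 'apim:api_view'],
  publisher:  ['apim:api_publish', 'apim:api_view'],
  subscriber: ['apim:subscribe', 'apim:app_manage'],
};

// Derive the user's scopes from their roles (the second option in the
// quoted design, as an alternative to an introspection call).
function scopesForRoles(roles, mapping = ROLE_TO_SCOPES) {
  const scopes = new Set();
  for (const role of roles) {
    for (const s of mapping[role] || []) scopes.add(s);
  }
  return scopes;
}

// Pull the scope for one operation out of a swagger-style definition.
// The `x-scope` vendor-extension key is an assumption for this example.
function scopeFromSwagger(swagger, method, path) {
  const op = (swagger.paths[path] || {})[method.toLowerCase()];
  return op && op['x-scope'] ? [op['x-scope']] : [];
}

// Core check: a component lists the scopes that permit its action and the
// user needs at least one of them (the usual OAuth resource-scope semantics).
// A component that lists no scopes is treated as unrestricted.
function isAllowed(requiredScopes, userScopes) {
  if (requiredScopes.length === 0) return true;
  return requiredScopes.some(s => userScopes.has(s));
}

// Scopes attached to the component itself (e.g. from a data-scopes attribute).
// Returns a decision table keyed by component id that the caller applies to the DOM.
function decideComponents(components, userScopes) {
  const decisions = {};
  for (const c of components) {
    decisions[c.id] = isAllowed(c.scopes, userScopes);
  }
  return decisions;
}

// Apply decisions in the browser: disable rather than remove, so the element
// stays discoverable but inert. Guarded so the block also runs under Node
// (no DOM), in which case it touches nothing and returns 0.
function applyDecisions(decisions, doc = (typeof document !== 'undefined' ? document : null)) {
  if (!doc) return 0;
  let touched = 0;
  for (const [id, allowed] of Object.entries(decisions)) {
    const el = doc.getElementById(id);
    if (!el) continue;
    el.disabled = !allowed;
    el.setAttribute('aria-disabled', String(!allowed));
    touched += 1;
  }
  return touched;
}

// Constructed components mirroring a few items from the quoted Publisher list.
const PUBLISHER_COMPONENTS = [
  { id: 'btn-create-api', scopes: ['apim:api_create'] },
  { id: 'btn-delete-api', scopes: ['apim:api_create'] },
  { id: 'btn-change-lc',  scopes: ['apim:api_publish'] },
  { id: 'link-view-api',  scopes: [] },
];

// Constructed swagger fragment for the scope-from-swagger path.
const SAMPLE_SWAGGER = {
  paths: {
    '/apis': { post: { 'x-scope': 'apim:api_create' } },
    '/apis/{apiId}/lifecycle': { post: { 'x-scope': 'apim:api_publish' } },
  },
};

// Worked run: a user holding only the `creator` role.
function demo() {
  const userScopes = scopesForRoles(['creator']);
  return decideComponents(PUBLISHER_COMPONENTS, userScopes);
}
```

With the constructed mapping, `demo()` enables "Create API" and "API - Delete" but disables the lifecycle-change button, and the unrestricted view link stays enabled. Whichever source the scopes come from, the decision table is the same shape, so `applyDecisions` does not care whether a component's scopes were read from swagger or declared on the element.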