Hi Supun, I would expect following; (others please correct me if I am wrong)
We need to control access to API functions through roles. Also IS has a notion of permissions and resources. So the resources are mapped to functions defined in thrift API. So a permission would look like follows (hypothetically); permission = ("execute", /scigap/thrift/executeExperiment); We should be able to attach such permissions to roles. So when user invokes an API function we need to do following; 1. find user's role 2. examine role's permissions 3. check whether any role has permission relevant to invoking function AFAIK IS provided a way to define permissions and attach them to roles. You may need to check how those can be used through APIs and how achieve above described functionality. Thanks Regards -Thejaka Amila On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <supun.nakand...@gmail.com> wrote: > Hi all, > > I am in the process of incorporating the notion of roles to the PHP > Reference Gateway using the proxy user api that I am developing. WSO2 IS > enables the tenant admin (gateway admin) to create roles and assign users > to roles (many to many mapping). From the gateway side we can consume these > services and implement role based user functionality. The roles defined > will only be visible to that particular gateway(tenant). > > I would like to know what type of role based functionality is required in > the context of the PHP Reference Gateway. > > Thank you. > Supun >