Hi Supun,
I would expect following; (others please correct me if I am wrong)
We need to control access to API functions through roles. Also IS has a
notion of permissions and resources. So the resources are mapped to
functions defined in thrift API. So a permission would look like follows
(hypothetically);
permission = ("execute", /scigap/thrift/executeExperiment);
We should be able to attach such permissions to roles. So when user invokes
an API function we need to do following;
1. find user's role
2. examine role's permissions
3. check whether any role has permission relevant to invoking function
AFAIK IS provided a way to define permissions and attach them to roles. You
may need to check how those can be used through APIs and how achieve above
described functionality.
Thanks
Regards
-Thejaka Amila
On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <supun.nakand...@gmail.com>
wrote:
> Hi all,
>
> I am in the process of incorporating the notion of roles to the PHP
> Reference Gateway using the proxy user api that I am developing. WSO2 IS
> enables the tenant admin (gateway admin) to create roles and assign users
> to roles (many to many mapping). From the gateway side we can consume these
> services and implement role based user functionality. The roles defined
> will only be visible to that particular gateway(tenant).
>
> I would like to know what type of role based functionality is required in
> the context of the PHP Reference Gateway.
>
> Thank you.
> Supun
>
