Hi Supun,

Amila is right on. To your question on what roles PHP Gateway will need, I will make a first-order approximation and suggest the following:

Casual Users - When users stumble upon a gateway, provide basic tutorials. For example, we used to allow casual users to execute educational experiments - http://www.atmos.millersville.edu/~lead/modules.htm

Gateway Users - These users are vetted by the administrators and pretty much have permission to execute all applications and charge to allocations.

Application Providers - This role will allow registering new applications and workflows (as opposed to only using them by gateway users).

Gateway Administrators - essentially tenant admins. Manage community account credentials, add/remove user roles and other admin functions.

Gateway Operators - Typically this is done by gateway administrators themselves, but better to have a separate role. This role will be used for notifying when user experiments go wrong due to infrastructure reasons. Enable/Disable compute resources, applications.

A user may be in one or more roles.

Suresh

On Jun 30, 2014, at 3:53 AM, Amila Jayasekara <thejaka.am...@gmail.com> wrote:

> Hi Supun,
>
> I would expect the following; (others please correct me if I am wrong)
>
> We need to control access to API functions through roles. Also IS has a notion of permissions and resources. So the resources are mapped to functions defined in thrift API. So a permission would look like the following (hypothetically);
>
> permission = ("execute", /scigap/thrift/executeExperiment);
>
> We should be able to attach such permissions to roles. So when a user invokes an API function we need to do the following;
> 1. find user's role
> 2. examine role's permissions
> 3. check whether any role has permission relevant to invoking function
>
> AFAIK IS provided a way to define permissions and attach them to roles. You may need to check how those can be used through APIs and how to achieve the above-described functionality.
>
> Thanks
> Regards
> -Thejaka Amila
>
> On Sun, Jun 29, 2014 at 2:19 PM, Supun Nakandala <supun.nakand...@gmail.com> wrote:
> Hi all,
>
> I am in the process of incorporating the notion of roles to the PHP Reference Gateway using the proxy user api that I am developing. WSO2 IS enables the tenant admin (gateway admin) to create roles and assign users to roles (many to many mapping). From the gateway side we can consume these services and implement role based user functionality. The roles defined will only be visible to that particular gateway (tenant).
>
> I would like to know what type of role based functionality is required in the context of the PHP Reference Gateway.
>
> Thank you.
> Supun
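
The three-step check from Amila's message, with users holding more than one role as Suresh notes, sketched as an added example that is not part of the original thread and is not WSO2 IS code. In-memory tables stand in for the IS lookups; the role names, user names and every resource path other than `/scigap/thrift/executeExperiment` are hypothetical.

```python
from typing import Dict, FrozenSet, Tuple

Permission = Tuple[str, str]  # (action, resource), the shape used in the thread

EXECUTE_EXPERIMENT = "/scigap/thrift/executeExperiment"      # from the thread
REGISTER_APPLICATION = "/scigap/thrift/registerApplication"  # hypothetical
ENABLE_RESOURCE = "/scigap/thrift/enableComputeResource"     # hypothetical

# Constructed role -> permissions table (assumption: held by the identity server).
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "gateway-user": frozenset({("execute", EXECUTE_EXPERIMENT)}),
    "application-provider": frozenset({("execute", REGISTER_APPLICATION)}),
    "gateway-operator": frozenset({("execute", ENABLE_RESOURCE)}),
}

# Constructed user -> roles assignments (many-to-many).
USER_ROLES: Dict[str, FrozenSet[str]] = {
    "alice": frozenset({"gateway-user", "application-provider"}),
    "bob": frozenset({"gateway-user"}),
    "carol": frozenset({"retired-role"}),  # assigned role is no longer defined
}


def is_authorized(user: str, action: str, resource: str) -> bool:
    """Deny by default; allow only if one of the user's roles holds the exact permission."""
    wanted = (action, resource)
    for role in USER_ROLES.get(user, frozenset()):         # 1. find the user's roles
        granted = ROLE_PERMISSIONS.get(role, frozenset())  # 2. examine the role's permissions
        if wanted in granted:                              # 3. does any role cover this call?
            return True
    return False  # unknown user, undefined role, or no matching permission


def invoke(user: str, action: str, resource: str, handler):
    """Gate an API function: run handler only after the role check passes."""
    if not is_authorized(user, action, resource):
        raise PermissionError(f"{user} may not {action} {resource}")
    return handler()


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "mallory"):
        print(who, is_authorized(who, "execute", REGISTER_APPLICATION))
```

An undefined role and an unknown user both fall through to the final `return False`, so a stale assignment never widens access.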