If roles are not currently in the user API, then I don’t need it yet. But please let me know as soon as roles are ready.
I imagine it is OK to use the same server as wso2, but I’m not really in a position to know. Perhaps someone else can comment? Dave From: Supun Nakandala [mailto:supun.nakand...@gmail.com] Sent: Wednesday, July 02, 2014 2:09 PM To: dev@airavata.apache.org Subject: Re: [GSoC] Status Update There is a requirement of incorporating roles and permissions functionality to the user API. Currently I am working on it. But until then if we want we can go for a deployment of the current version of the server and get the PHP Reference Gateway work with user API. I can deploy it in the same server where wso2 IS is deployed. Is it okay to do so? On Wed, Jul 2, 2014 at 11:24 PM, Reagan, David Michael <dmrea...@iu.edu<mailto:dmrea...@iu.edu>> wrote: OK, thanks. When do you expect a public deployment? From: Supun Nakandala [mailto:supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>] Sent: Wednesday, July 02, 2014 1:14 PM To: dev@airavata.apache.org<mailto:dev@airavata.apache.org> Subject: Re: [GSoC] Status Update Hi Dave, You cannot use the API because it is not deployed publicly yet. You can get the code from [1] and run the server locally and test the API. I have not yet added the configuration files. It will take default localhost as the server. Supun [1] - https://github.com/scnakandala/airavata-userapi/tree/master/userapi On Wed, Jul 2, 2014 at 10:39 PM, Reagan, David Michael <dmrea...@iu.edu<mailto:dmrea...@iu.edu>> wrote: Hey, Supun. I’m trying to use the new user API, but I’m getting an exception with the following message: “TSocket: Could not connect to localhost:8932 (No connection could be made because the target machine actively refused it. [10061])” It looks like this is coming from UserAPIClientFactory.php, where the default host is localhost. I see that the default is being used because when the factory is created in userapi_utilities.php, it is being passed an empty array as input. What should the values in that input array be, and where should they be defined in a config file somewhere? Thanks, Dave From: Amila Jayasekara [mailto:thejaka.am...@gmail.com<mailto:thejaka.am...@gmail.com>] Sent: Monday, June 30, 2014 3:38 AM To: dev Subject: Re: [GSoC] Status Update Hi Supun, Very good progress. Please see some inline comments. On Sun, Jun 29, 2014 at 2:01 PM, Supun Nakandala <supun.nakand...@gmail.com<mailto:supun.nakand...@gmail.com>> wrote: Hi all, Based on the feedback received I extended the proxy user API. The thrift descriptors can be found at [1]. Also I incorporated the proxy API with PHP Reference Gateway (PHPRG) and tested it locally. Now PHPRG can support a more comprehensive user creation process using the proxy API. It supports first name, last name, email, organization, address, country, telephone, mobile, im, url while the bold ones are mandatory and others are optional fields. [create_account_1.png, create_account_1.png] The tenant admin (gateway admin) who can log in to the wso2 IS can view the users list and their profiles.[wso2_is_user_profile_1.png, wso2_is_user_profile_2.png] The logged in user can also click on his username and change his password and update his profile. [update_password.png, update_user_profile.png]. I have issues related to securing the communication between the gateway and the proxy user api as thrift is not supporting SSL for some programming languages including php(at least for now). What I am planning to do is to use PKI encryption when sending password information and to use short lived encrypted tokens during communication to avoid replay attacks. Generally it needs significant effort to come up with a both secure and an efficient security protocol. Even SSL uses symmetric key after initial handshake (after exchanging symmetric key). Therefore it would be great if you could use an existing PHP SSL library such as [2], instead of PKI encrypted passwords. I dont know how much effort is needed to incorporate such implementation to thrift layer. But I do believe this is something people have already done. [2] http://www.php.net/manual/en/book.openssl.php Thanks -Thejaka Amila Thank you Supun [1] - https://github.com/scnakandala/airavata-userapi/blob/master/userapi/thrift-interface-descriptors/userAPI.thrift -- Thank you Supun Nakandala Dept. Computer Science and Engineering University of Moratuwa -- Thank you Supun Nakandala Dept. Computer Science and Engineering University of Moratuwa
