[jira] [Commented] (AIRAVATA-1624) [GSoC] Securing Airavata API

Sun, 24 May 2015 20:34:33 -0700 

    [ 
https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14557944#comment-14557944
 ] 

Hasini Gunasinghe commented on AIRAVATA-1624:
---------------------------------------------

Hi Suresh and Airavata team,

This is to provide an update about the work done so far for the sprint 1 of the 
GSoC project.
I sent a pull request from the forked repo on which I did the modifications to 
the Airavata code. Please let me know if you have not received it.
Please find more details about the work on the first week of the sprint 1, how 
to run the implemented PoC and the associated sample, remaining work on sprint 
1 and planned tasks for sprint 2 at the wiki page: 
https://cwiki.apache.org/confluence/display/AIRAVATA/Sprint+1

I would appreciate your feedback.

Thanks,
Hasini.

> [GSoC] Securing Airavata API
> ----------------------------
>
>                 Key: AIRAVATA-1624
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
>             Project: Airavata
>          Issue Type: New Feature
>          Components: Airavata API
>            Reporter: Suresh Marru
>              Labels: gsoc, gsoc2015, mentor
>             Fix For: WISHLIST
>
>         Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift based API's for external facing API's and for 
> system internal CPI's. The API's need to be secured adding authentication and 
> authorization capabilities. 
> The Authentication need to ensure only approved users/clients can 
> communicate. Similarly clients should only interact with valid servers. 
> Authorization need to be enforced to ensure only users with specific roles 
> can appropriately access specific API's. As an example, administrative roles 
> should be able see all the users experiments where as end users can only see 
> his/her data and not access other information (unless explicitly shared). 
> Earlier GSoC project focused on this topic has relavent discussion. 
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to