[
https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14568951#comment-14568951
]
Hasini Gunasinghe edited comment on AIRAVATA-1624 at 6/2/15 11:07 AM:
----------------------------------------------------------------------
Hi all,

I have created an updated pull request [1] based on the previous pull request by
merging it with the 0.16 master. It would be great if I could get to know if
you are OK with the way API methods are changed with this solution, so that I
could complete applying the same changes to all the API methods.

I have listed the steps a developer will have to follow if he/she wishes to
enforce security on any method that will be added to the API in the future at
https://cwiki.apache.org/confluence/display/AIRAVATA/Developer+Documentation+for+Securing+Airavata+API

As the security enforcement can be enabled/disabled at the Airavata server
side, you do not need to run WSO2 IS every time the server is started, although
these changes are applied.

[1] https://github.com/apache/airavata/pull/12

Thanks & Best Regards,
Hasini.
> [GSoC] Securing Airavata API
> ----------------------------
>
> Key: AIRAVATA-1624
> URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
> Project: Airavata
> Issue Type: New Feature
> Components: Airavata API
> Reporter: Suresh Marru
> Labels: gsoc, gsoc2015, mentor
> Fix For: WISHLIST
>
> Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift-based APIs for external-facing APIs and for
> system-internal CPIs. The APIs need to be secured by adding authentication and
> authorization capabilities.
> The authentication needs to ensure only approved users/clients can
> communicate. Similarly, clients should only interact with valid servers.
> Authorization needs to be enforced to ensure only users with specific roles
> can appropriately access specific APIs. As an example, administrative roles
> should be able to see all the users' experiments, whereas end users can only see
> his/her data and not access other information (unless explicitly shared).
> An earlier GSoC project focused on this topic has relevant discussion.
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients