Hi,

Currently we use username/password based authentication when retrieving and
publishing metadata via the metadata service API. The issue with this approach
is that one client can access/alter another app's data if it knows the application
id.
I suggest using OAuth to secure resources and let the client access only
the metadata related to its application.
I am doing R&D on possible ways of accomplishing this task and will update
the thread on my findings. Currently I am assessing the feasibility of the WSO2
IS OAuth feature and the WSO2APIM key manager feature.


-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
