Udara, Do you have WSO2 API Manager/IS running? On Tue, Nov 18, 2014 at 11:00 AM, Udara Liyanage <ud...@wso2.com> wrote:
> Hi, > > Currently we use username/password base authentication when retrieving and > publishing metadata via metadata service API. The issue with this approach > is one client can access/alter other app's data if it know the application > id. > I suggest to use oAuth to secure resources and let the client access only > the metadata related to its application. > I am doing R&D on possible ways of accomplishing this task and will update > the thread on my finding. Currently I am assesing the feasibility of WSO2 > IS Oauth feature and WSO2APIM key manager feature. > > > -- > > Udara Liyanage > Software Engineer > WSO2, Inc.: http://wso2.com > lean. enterprise. middleware > > web: http://udaraliyanage.wordpress.com > phone: +94 71 443 6897 >