Hi Sumedha,
Currently "no". We need to support both Single JVM and destributed setups. For single JVM, we may need to install either API manager key-manager feature or IS oAuth feature. On Tue, Nov 18, 2014 at 12:31 PM, Sumedha Rubasinghe <sumedh...@gmail.com> wrote: > Udara, > Do you have WSO2 API Manager/IS running? > > On Tue, Nov 18, 2014 at 11:00 AM, Udara Liyanage <ud...@wso2.com> wrote: > >> Hi, >> >> Currently we use username/password base authentication when retrieving >> and publishing metadata via metadata service API. The issue with this >> approach is one client can access/alter other app's data if it know the >> application id. >> I suggest to use oAuth to secure resources and let the client access only >> the metadata related to its application. >> I am doing R&D on possible ways of accomplishing this task and will >> update the thread on my finding. Currently I am assesing the feasibility of >> WSO2 IS Oauth feature and WSO2APIM key manager feature. >> >> >> -- >> >> Udara Liyanage >> Software Engineer >> WSO2, Inc.: http://wso2.com >> lean. enterprise. middleware >> >> web: http://udaraliyanage.wordpress.com >> phone: +94 71 443 6897 >> > > -- Udara Liyanage Software Engineer WSO2, Inc.: http://wso2.com lean. enterprise. middleware web: http://udaraliyanage.wordpress.com phone: +94 71 443 6897