[jira] [Commented] (AIRAVATA-1624) [GSoC] Securing Airavata API

Fri, 06 Mar 2015 14:41:54 -0800 

    [ 
https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14351055#comment-14351055
 ] 

Hasini Gunasinghe commented on AIRAVATA-1624:
---------------------------------------------

Hi Suresh,

WSO2 IS does have an extension point to connect to external user stores (even 
multiple external user stores). The amount of work need to integrate with a 
custom JDBC based database can vary from changing a configuration file to 
writing a custom user-store manager class (depending on the schema of the 
external user-store) by extending the existing JDBC User Store Manager or by 
implementing the User Store Manager interface and dropping the jar file to WSO2 
IS.
Please refer this documentation for more details: 
https://docs.wso2.com/display/IS500/Writing+a+Custom+User+Store+Manager

Thanks,
Hasini.

> [GSoC] Securing Airavata API
> ----------------------------
>
>                 Key: AIRAVATA-1624
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
>             Project: Airavata
>          Issue Type: New Feature
>          Components: Airavata API
>            Reporter: Suresh Marru
>              Labels: gsoc, gsoc2015, mentor
>         Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift based API's for external facing API's and for 
> system internal CPI's. The API's need to be secured adding authentication and 
> authorization capabilities. 
> The Authentication need to ensure only approved users/clients can 
> communicate. Similarly clients should only interact with valid servers. 
> Authorization need to be enforced to ensure only users with specific roles 
> can appropriately access specific API's. As an example, administrative roles 
> should be able see all the users experiments where as end users can only see 
> his/her data and not access other information (unless explicitly shared). 
> Earlier GSoC project focused on this topic has relavent discussion. 
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to