from:"Harshan Liyanage"

Re: [Architecture] About EMM-Android Local Push Notification Mechanism

2014-04-09 Thread Harshan Liyanage

Hi Kasun,

I think we must implement the method you are proposing. Since this
AlarmManager system service will wakeup our EMM agent in every 10 mins (or
in configured intervals) it will make sure that our EMM agent is running in
the device. Otherwise there would be no way that we could guarantee that
EMM-agent process is running in the device.

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Wed, Apr 9, 2014 at 9:33 PM, Kasun Dananjaya Delgolla kas...@wso2.comwrote:

Hi All,

This is to brief and discuss about the architecture of the $subject. So
here's how it works.

We gonna enable both GCM and Local push as switchable options so that
depending on the requirement, we can choose which method to go with.

Android's native service such as AlarmManager will be used to trigger
local notifications so that it will be very effective with Battery
consumption.

On Agent launch, if the selected method is local push, Agent will initiate
a repeating event using AlarmManager. (Ex: Repeat every 10mins). When the
AlarmManager triggers the event, it simply get captured by the Local
Notification Receiver resides in our EMM Agent. And then it will perform
the necessary action (Operation/Contacting the server).

I have already done a thorough testing on battery consumption using this
method which is less than 0.5% when this service is running every 5 minutes
with a web service call.

Therefore this can actually be used as an alternative to GCM. And it can
also be used to capture violations (If the device is stolen and the network
is switch off etc) and implement a self initiation protocol in such cases.
But IMO we should keep both the options because those 2 can come handy in
different situations.

So WDYT?

Given below is how Android EMM Agent will look like,

[image: Inline image 1]

If you want an in-depth diagram on the current EMM Agent Architecture [1].

[1] -
https://docs.google.com/a/wso2.com/drawings/d/12LOSMJxPtcI_XXjkD5RnPp-uaJGTFtCC-MXkmPLT4LY/edit?usp=sharing

Thanks
--
Kasun Dananjaya Delgolla

Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
Tel: +94 11 214 5345
Fax: +94 11 2145300
Mob: + 94 777 997 850
Blog: http://kddcodingparadise.blogspot.com
Linkedin: *http://lk.linkedin.com/in/kasundananjaya
http://lk.linkedin.com/in/kasundananjaya*

inline: Local notifications - Android.png___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] EMM - UI Design

2014-05-04 Thread Harshan Liyanage

Hi,

It's true that we should have unified UI's for all the applications. But
reinventing the front-end MVC frameworks won't be a good idea (agree with
Chan's idea). IMO we should look deeper into this and find a proper way to
do the front-ends of our application (at least selecting the technologies 
setting-up guidelines for UI design will be helpful).

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.


On Mon, May 5, 2014 at 9:44 AM, Pubudu Dissanayake pubu...@wso2.com wrote:

 Please refer my in-line comment.


 On Sun, May 4, 2014 at 9:29 AM, Chanaka Jayasena chan...@wso2.com wrote:

 I agree that we need to unify the look and feel of these UIs. When
 working with WSO2 Cloud the importance of unified look and feel is more
 visible. Considering the top and left menus usability wise both have pros
 and cons. Generally it's good to have a left side menu when there are
 growing number of options for it. In the Cloud UI it's better to have the
 menu at the top, since we have to inject the same menu to the App Factory
 UI and API Store/Publisher UIs.

 @Dilshan, API Store, API Publisher, and App Factory is done with an older
 version of Caramel. This is why there is a significant difference in the
 coding pattern. I don't think Caramel existed when the API Store/Manger
 applications were started developing. The latest version of Caremel we use
 for Stratos Web Console is way better than the older versions. It pushes
 front end developers to write clean code without messing with complex
 jQuery Dom manipulation to present data to the UI. We have handlebars.js
 with Caramel. Even though handebars.js ( Template Engine)  and AngularJS (
 HTML Compiler and data binder )  is completely different things, using them
 together doesn't make sense IMO. Chthura please do a research and find out
 that his need for AngularJS is filled by handebars.js or not.

 To have a consistent look and feel in Carbon products, the way Carbon UI
 initially developed helped. If we can have a similar patten where there is
 a core component with default styles, layout and let each product override
 these styles with there own, it will drive every product to have a common
 look and feel.

 Indeed, Having unified UI framework is a must and let products to build
 their own UI is a bad idea. We should come up with a proper structure (
 previous carbon releases has this component.xml based approach ) therefore
 we can build on top of it (hence can re-use it for future carbon UI
 framework) . IMO consistency has to be there.


 thanks,
 Chanaka

 --
 *Pubudu Dissanayake*
  Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware
 Mobile: 0775503304

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Writing Unit tests for iOS EMM client

2014-05-05 Thread Harshan Liyanage

Hi,

I have started $subject for WSO2 EMM next release. In the iOS client we
need to add unit tests for reading/writing a plist file and for
asynchronous network operations. I'm using SenTestingKit[1] as the unit
testing framework. It's the default unit testing framework in ios sdk prior
to ios 7.

I'm mocking the network calls for unit testing asynchronous network
operations. For that I'll be using OHHTTPStubs [2] framework which is under
MIT license.

If you have any ideas regarding this please let me know.

[1].
http://www.quantum-step.com/download/sources/mystep/OCUnit/SourceCode/SenTestingKit/Documentation/IntroSenTestingKit.html
[2]. https://github.com/AliSoftware/OHHTTPStubs


Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Writing Unit tests for iOS EMM client

2014-05-05 Thread Harshan Liyanage

Hi Dilshan,

That'll be very helpful for integration tests.

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.


On Mon, May 5, 2014 at 3:31 PM, Dilshan Edirisuriya dils...@wso2.comwrote:

 Hi Harshan,

 For integrations tests I prefer you look at KIF at [1]. This is a widely
 used library. Its under Apache 2 license. Later on you can directly
 integrate this to a CI server as well.


 [1] - https://github.com/kif-framework/KIF
 [2] - https://github.com/kif-framework/KIF/blob/master/LICENSE

 Regards,

 Dilshan


 On Mon, May 5, 2014 at 2:02 PM, Harshan Liyanage hars...@wso2.com wrote:

 Hi,

 I have started $subject for WSO2 EMM next release. In the iOS client we
 need to add unit tests for reading/writing a plist file and for
 asynchronous network operations. I'm using SenTestingKit[1] as the unit
 testing framework. It's the default unit testing framework in ios sdk prior
 to ios 7.

 I'm mocking the network calls for unit testing asynchronous network
 operations. For that I'll be using OHHTTPStubs [2] framework which is under
 MIT license.

 If you have any ideas regarding this please let me know.

 [1].
 http://www.quantum-step.com/download/sources/mystep/OCUnit/SourceCode/SenTestingKit/Documentation/IntroSenTestingKit.html
 [2]. https://github.com/AliSoftware/OHHTTPStubs


 Best Regards,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.




 --
 Dilshan Edirisuriya
 Senior Software Engineer - WSO2
 Mob: + 94 777878905
 http://wso2.com/

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Using maven to create build Android Cordova-Android projects in AppFactory

2014-07-16 Thread Harshan Liyanage

Hi,

Currently I'm involved in using maven to create build Android /
Cordova-Android application projects as a part of MEAP project which will
be used to create build mobile application projects using AppFactory.
There is a android-maven plugin [3] a maven-archetype [4] which can be
used for building creating android applications. Using maven in android
application projects has been explained well in [1].

However the maven plugin, archetypes android-maven dependencies in
central maven repo are not provided by Google as mentioned in [4] [5].
These are provided by android-maven developer community. But they do not
regularly update maven central repo with latest Android sdk dependencies
[6]. Last dependency was released on August 2012 for Android 4.1.1.4 (sdk
16). Hopefully Google might provide android dependencies in future with
Gradle based build system [9].

*Issue : *Lack of android dependencies in maven central repo

*Solutions :*

1. Using maven-android deployer tool [7] to install android sdk
dependencies to local m2 repo. This tool has been widely used by the
developers who uses maven to build android projects. Then by installing
these dependencies into wso2 nexus repo we could build Android maven
projects. This solution will allow us to use above mentioned maven-android
plugin archetype with slight modifications.

2. Using maven to invoke shell commands to create android project build
it using Ant (default Android build system till Android switches to Gradle)

I'm expecting to use first solution. Please provide your suggestions
regarding this.

*References*

[1]. http://books.sonatype.com/mvnref-book/reference/android-dev.html
[2].
http://stackoverflow.com/questions/5253029/why-arent-the-android-sdk-jars-in-any-maven-repository
[3]. https://code.google.com/p/maven-android-plugin/
[4]. http://stand.spree.de/wiki_details_maven_archetypes
[5].
https://groups.google.com/forum/#!topic/maven-android-developers/ZG9z6kQuPYo
[6].
http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.google.android%22%20AND%20a%3A%22android%22
[7]. https://github.com/mosabua/maven-android-sdk-deployer
[8]. http://developer.android.com/tools/building/index.html
[9]. http://www.gradleware.com/android/gradle-the-new-android-build-system/

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Using maven to create build Android Cordova-Android projects in AppFactory

2014-07-17 Thread Harshan Liyanage

Hi Ramith,

Gradle for android is still a new technology for Android developers. AFAIK
most of the android developers use default Ant based build for Android
projects. I think going with maven /ant would be safer.

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Thu, Jul 17, 2014 at 11:12 AM, Ramith Jayasinghe ram...@wso2.com wrote:

Hi Chathura,
There could be problems since we don't have the support for gradle with
in AF ( even if Jenkins supports it through a plug-in). Supporting Gradle
might require some work ( and note that as far as I know we haven't thought
of doing it now either).
does majority of android developers use gradle ?. If its not the case I
would propose going with what we have for now ( maven/ant) as the first cut
and then figure out ways to improve on it.
what do you guys think?
regards
Ramith

On Wed, Jul 16, 2014 at 6:57 PM, Chathura Dilan chathu...@wso2.com
wrote:

Hi Harshan,

Are there any difficulties to move to Gradle? I think they have all the
dependencies including latest Android L preview

On Wed, Jul 16, 2014 at 6:23 PM, Harshan Liyanage hars...@wso2.com
wrote:

Hi,

*Issue : *Lack of android dependencies in maven central repo

*Solutions :*

2. Using maven to invoke shell commands to create android project
build it using Ant (default Android build system till Android switches to
Gradle)

I'm expecting to use first solution. Please provide your suggestions
regarding this.

*References*

[1]. http://books.sonatype.com/mvnref-book/reference/android-dev.html
[2].
http://stackoverflow.com/questions/5253029/why-arent-the-android-sdk-jars-in-any-maven-repository
[3]. https://code.google.com/p/maven-android-plugin/
[4]. http://stand.spree.de/wiki_details_maven_archetypes
[5].
https://groups.google.com/forum/#!topic/maven-android-developers/ZG9z6kQuPYo
[6].
http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.google.android%22%20AND%20a%3A%22android%22
[7]. https://github.com/mosabua/maven-android-sdk-deployer
[8]. http://developer.android.com/tools/building/index.html
[9].
http://www.gradleware.com/android/gradle-the-new-android-build-system/

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

--
Regards,

Chatura Dilan Perera
*(Senior Software Engineer** - WSO2 Inc.* * [Mobile])*
www.dilan.me

--
Ramith Jayasinghe
Technical Lead
WSO2 Inc., http://wso2.com
lean.enterprise.middleware

E: ram...@wso2.com

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] A mechanism to communicate server shutdown to the bundles, just before actual server shutdown

2014-09-14 Thread Harshan Liyanage

Hi Jayanga,

Why can't register the CarbonServerShutdownPrepareService in normal OSGi
service registration manner (without registering it in server shutdown)? Is
that because you need to have synchronized manner or any other particular
reason to do so?

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Sep 15, 2014 at 10:13 AM, Jayanga Dissanayake jaya...@wso2.com
wrote:

 Hi Amila,

 Sorry about the confusion.
 Generally, in OSGi bundles, we register services provided by a particular
 bundle in the bundle activation, That is true.

 But in this scenario, I am registering the
 CarbonServerShutdownPrepareService in the
 org.wso2.carbon.core.init.CarbonServerManager.shutdownGracefully() method,
 which is called when the server about to shutdown. As actual server
 shutting down process is not yet started, all the bundles are active and
 the server is still in the full operational mode. So, we can register a new
 service without any harm.

 In OSGi framework, service registration, activation of dependent bundles,
 notifying listers and trackers happen in synchronized manner. So the
 shutdownGracefully() cannot proceed until the above service registration
 tasks completes. So, the bundles, which was waiting for the
 CarbonServerShutdownPrepareService can start doing its expected tasks
 (house keeping tasks that has to be carried out just before the server
 shutdown)

 Thanks
 Jayanga.

 *Jayanga Dissanayake*
 Senior Software Engineer
 WSO2 Inc. - http://wso2.com/
 lean . enterprise . middleware
 email: jaya...@wso2.com
 mobile: +94772207259

 On Sun, Sep 14, 2014 at 1:36 AM, Amila Maha Arachchi ami...@wso2.com
 wrote:



 On Thu, Sep 11, 2014 at 10:47 PM, Jayanga Dissanayake jaya...@wso2.com
 wrote:

 Hi,

 There was a requirement to detect the server shutdown from some bundles
 before the OSGi framework begin to shutdown. Because there were situations
 where some bundle have there own  transports. If server shutdown happens
 while there were buffered messages, those should be processes before that
 particular bundle get deactivated.

 As the bundle stopping sequence is not guaranteed in OSGi environments,
 There may be some required bundles/services already being stopped when that
 particular bundle wants to do the finalizing tasks.

 So, as a solution I tried the following,
 Register an OSGi service CarbonServerShutdownPrepareService in the
 shutdownGracefully() before the actual server shutdown is called.  So, just
 before the server shutdown CarbonServerShutdownPrepareService get
 activated.
 Then add some dummy OSGi Declarative Service components, that is waiting
 for  ”CarbonServerShutdownPrepareService”,
 Then start the server and shutdown the server,

 Observations,
 When the server is shutting down,
 1. first it registers the service “CarbonServerShutdownPrepareService”
 2. then all the bundles waiting for that service get activated, (if
 there are listers or trackers, those get notified)
 3. then actual server shutdown happens


 AFAIK, OSGi services are registered when the components startup. Here,
 you have said that  CarbonServerShutdownPrepareService is registered when
 the server is shut down. This is not clear to me.

 Did you mean the following approach:
 1. Register an OSGi service at the server startup.
 2. Add declarative service dependencies to the bundles which needs to be
 notified about the shutdown. These bundles should implement a listener or a
 tracker.
 3. When the server shutdown is called, it notifies the dependents. Is
 this sequential?

 It seems that I don't understand something here. If it is the case,
 please explain it to me. :)

 Thanks.


 As the osgi framework's service registration and un-registration happens
 in a single thread, It is guaranteed that registration of
 “CarbonServerShutdownPrepareService” and notification of that registration
 to the other bundles happens in a sequential manner in a single thread.

 So, any bundle can perform there house keeping tasks that has to carry
 out just before the server shutdown.

 Suggestions, improvements and alternatives are welcome

 Thanks,
 *Jayanga Dissanayake*
 Senior Software Engineer
 WSO2 Inc. - http://wso2.com/
 lean . enterprise . middleware
 email: jaya...@wso2.com
 mobile: +94772207259




 --
 *Amila Maharachchi*
 Senior Technical Lead
 WSO2, Inc.; http://wso2.com

 Blog: http://maharachchi.blogspot.com
 Mobile: +94719371446



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Integrating BAM with EMM

2014-09-29 Thread Harshan Liyanage

Hi Inosh,

Please find my comments inline.

 User's who have violated a policy during a certain period.(This will
catch if the user violates a policy and then again adheres to it later)
I think it would be better to get the list of users who have violated a
particular policy first. Lets give the option to filter those results using
the time interval. WDYT?

How about getting the list of policies violated by an user or role?

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Sep 29, 2014 at 11:24 AM, Inosh Perera ino...@wso2.com wrote:

 Hi all,
 Following are some of the information we can extract once we integrate
 BAM, Please update the list if you see anything missing,

 Info-
 User's location during a certain time period
 How many times the user visited an area.
 Battery levels variation of a device during its life time or during a
 certain period(Can find out which devices performs well)
 Times where certain devices went offline.

 Apps-
 Installed App list of device
 Apps installed/uninstalled during a period
 Search for user's who have installed a certain app during any point of time

 Policy-
 User's who have cameras disabled/enabled.
 User's who have violated a policy during a certain period.(This will catch
 if the user violates a policy and then again adheres to it later)
 Policy violation frequency- per user/ over roll/ during a time period

 APIs-
 Track API usage during time period- such as, notifications, isregistered,
 monitoring

 Registrations-
 Registrations per users(register,unregister which we don't track now)


 Regards,
 Inosh

 On Wed, Sep 24, 2014 at 5:59 PM, Inosh Perera ino...@wso2.com wrote:

 Hi all,
 Based on an offline discussion we had with EMM team on the where to pick
 the data in order to publish, we decided it would be best, not to write a
 custom valve and handle it, instead collect all the data at EMM level. This
 is because, some data doesn't go through API manager valve currently. For
 example iOS bypasses the valve. Also based on a discussion with UES and BAM
 team, we decided to go with BAM dashboards to show statics, since these
 products are not yet integrated.

 Regards,
 Inosh

 On Thu, Sep 18, 2014 at 8:56 AM, Inosh Perera ino...@wso2.com wrote:

 Hi Dilshan,
 Stat publisher component is written in Java, and there will be APIs to
 publish each event to BAM. With current implementation of EMM, Jaggery will
 call these APIs when it is necessary to publish data. And this call will
 happen in a separate thread[1] and inside java publishing component also,
 we are using AsyncDataPublisher. Is this what you meant by asynchronously? 
 Regarding which
 point should call to publish data; Issue in calling at API level is we have
 complex Json payloads coming from devices and also when we are responding.
 These things have to be parsed twice if we do at the API level. Also iOS
 doesn't go through API manager. We can do it in the driver.js where all the
 DB requests come, Is this a valid approach? True, doing this at function
 level will involves a lot of changes.

 [1] [DEV][Jaggery] Calling a Java method asynchronously from Jaggery

 Regards,
 Inosh

 On Thu, Sep 18, 2014 at 3:04 AM, Dilshan Edirisuriya dils...@wso2.com
 wrote:

 Hi Inosh,

 With the proposed refactoring discussions there is a high chance that
 most of the existing code get migrated to components. Hence is it possible
 to move this stat publisher logic into Java components and call them
 through API layer or some other generic point rather than adding them in
 actual functions. Also why not we focus on getting them done asynchronously
 where possible?

 Regards,

 Dilshan

 On Tue, Sep 16, 2014 at 9:00 PM, Inosh Perera ino...@wso2.com wrote:

 Hi Maninda/Gihan,
 Based on the offline discussions we had, your suggestions here seems
 to be the ideal solution for our scenario. Since the payloads coming to 
 EMM
 have complex Json objects, writing a custom valve and extracting data
 doesn't seem like a good option. We will have to extract data at
 application level. In a situation like this, I can think of 2 places, 
 where
 we can publish data when it comes to EMM.  Lets say if you are inserting
 some record to the EMM database that we need to send to BAM as well, in
 this case, we can find the function that is sending the db request (for
 example register new user function) or there is a class in EMM that 
 handles
 all the db request, something like a db object, which place seem like the
 ideal place to collect data? In my opinion, publishing data has to be done
 in each function.

 Regards,
 Inosh

 On Tue, Sep 16, 2014 at 4:53 PM, Maninda Edirisooriya 
 mani...@wso2.com wrote:

 Hi Inosh,

 And you need to extract parameter fields in the Application level and
 note that these field set should be fixed for all the events.

Re: [Architecture] What is the best/wso2 way to authenticate REST endpoints.

2014-10-22 Thread Harshan Liyanage

Hi,

Using OAuth will be beneficial future-proof as well. You can use it
easily when the APIs are exposed to the public. +1 for using OAuth for API
Security.

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Sun, Oct 19, 2014 at 7:29 PM, Manoj Gunawardena man...@wso2.com wrote:

Hi,
+1 for OAuth2. Because publisher APIs can be use in mobile devices.
Ex -: customer implements mobile app to publish assets

Also need to think about how customer can extend (customize) the security
with our extension model.
Ex-: Customer writes a extended publisher API and need to give different
grant types and roles

Also , I think better to maintain one security mechanism, rather than
secure some apis with oAuth2 and some apis with Basic Authentication.

Thanks

On Sun, Oct 19, 2014 at 1:12 PM, Ayesha Dissanayaka aye...@wso2.com
wrote:

Thank you everyone for your valuable inputs.

@Udara,
These API endpoints are used by ES publisher App itself and will be
invoked by authorized third party as well. In that way we have enabled
accessing ES back office via remote clients as well.

According to suggestions in this thread having aouth is the best way to
secure the endpoints which are exposed to third party.

We will decide whether to use basic-aouth/aouth or suppot both, and
update the thread on final outcome.

Thanks!
- Ayesha

On Sat, Oct 18, 2014 at 10:27 PM, Udara Liyanage ud...@wso2.com wrote:

Hi,

Having basic oauth with HTTPS is kind of secured as long as no third
party is invoking the APIs.

Touched, not typed. Erroneous words are a feature, not a typo.

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
*Ayesha Dissanayaka*
Software Engineer,
WSO2, Inc : http://wso2.com
http://www.google.com/url?q=http%3A%2F%2Fwso2.comsa=Dsntz=1usg=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg
20, Palmgrove Avenue, Colombo 3
E-Mail: aye...@wso2.com ayshsa...@gmail.com

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Manoj Gunawardena
Tech Lead
WSO2, Inc.: http://wso2.com
lean.enterprise.middleware
Mobile : +94 77 2291643

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] Proposed Device Operations Flow of CDM

2014-11-03 Thread Harshan Liyanage

Hi,

Please find the attached proposed device operations flow of CDM. Your
suggestions  feedback is highly appreciated.


Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.


Operation Flow (1).pdf
Description: Adobe PDF document
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Proposed Device Operations Flow of CDM

2014-11-03 Thread Harshan Liyanage

Hi InoshP,

Before explaining the above scenario I'll explain the process of payload
generation when a request for new operation comes to the CDM core.

1. CDM Core bundle will detect its device platform using the operation code
2. Validate the operation against the supported device operations
3. Send the operation request to the device-platform bundle for converting
it to a *device-specific payload*
4. Put the converted payload into the *OUT* queue

We have two options when it comes to your scenario.
1. Create a new payload including the previous operation  new operation
2. Create another payload. So that 2 payloads will be stored in the *OUT *
queue.

IMO the best option would be 1, since the second option will consume more
memory in the queue  more bandwidth of the device because it has to take 2
payloads.
For supporting the option 1, we have the following options.

1. Device platform bundle will take the platform-specific payload in the
queue  merge it with the new operation
In this case, the overhead of the device platform bundle will be much
higher because it must know how to convert back the *platform-specific
payload* to the *platform-independent* form. This will make writing a new
device-platform bundle a tedious task because of the complexity of payload
transformation logic. So I'm -1 on this option.

2. We'll use a platform-independent format for saving the payload into the
queue which can be easily merged with new operations. This
platform-independent payload will be converted when the device contacts the
CDM server for pending operations.
This is much more easier method than the first option. But this will affect
the number of concurrent devices CDM can support due to the on-demand
conversion of payloads. On the other-hand this method will reduce the
resource consumption  avoid unnecessary payload transformations.
Further-more this will reduce the complexity of CDM core because there is
no need to get the payload corresponding to the operation from the
device-platform bundle  put it into the OUT queue.

3. Save the platform-independent payload format along with the
platform-specific payload in the queue.
This method will increase the resource consumption because we need more
memory to keep the platform-independent payload  platform-dependent
payload in the OUT queue. But this will increase the number of concurrent
devices CDM can support because the payload is readily available when the
device contacts the server.

I'm +1 for both 2nd and 3rd options. WDYT?

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Nov 3, 2014 at 3:47 PM, Inosh Perera ino...@wso2.com wrote:

 Hi Harshan,
 If for example, a message to a device is already in the queue and when
 monitoring happen, a similar payload is generated. How is it handled when
 it comes to communication between out queue and device platform bundle?

 Regards,
 Inosh

 On Mon, Nov 3, 2014 at 3:20 PM, Harshan Liyanage hars...@wso2.com wrote:

 Hi,

 Please find the attached proposed device operations flow of CDM. Your
 suggestions  feedback is highly appreciated.


 Thanks,

 Best Regards,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.




 --
 Inosh Perera
 Software Engineer, WSO2 Inc.
 Tel: 0785293686

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Proposed Device Operations Flow of CDM

2014-11-03 Thread Harshan Liyanage

Hi Niranjan,

Please find my comments in line.

 IMO this would be the a better option since the overhead is removed when
the device tries to communicate with the server to get the payload. AFAIU
even in the option 2 and 3, the device platform bundle should be able to
convert the platform-independent payload to device specific payload.
Therefore if in the platform-specific bundle has the reverse logic that is
converting device specific to platform independent payload then the
overhead is there at the time when a new operation is added. WDYT?

Yes. But in 2, 3rd options there is no need to write the reverse logic to
convert device-specific payload into platform-independent one. In option 3,
the payload is readily available when device contacts the server. So
sticking to the option 1 will increase the burden of the device platform
bundle developers.

I noticed that in the diagram, all the operations are put into the queue
and the device contacts to retrieve the message. What about the scenario
where the server would want to contact the device that is for example in
Android and iOS, the server can connect the device via the GCM or APNS
respectively. How is this handled?

In the new architecture we have given the user to choose the preferred way
of sending operations to the devices. Basically there will be 3 modes and
I've only included the Local notification mode in this flow diagram.

1. Cloud based push notification mode (GCM, APNS)
This is entirely based on cloud messaging services like GCM or APNS where
the payload to be sent to the device is incorporated into a cloud message 
send to the device.

2. Local notification mode
This method is similar to the existing Android Local notification system
where the device periodically checks the server for pending operations.

3. Hybrid mode
With this mode we'll use cloud messaging service to send a wake-up
notification to the device. When the wake-up notification is received the
device will contact the server for pending operations.

So for supporting 1st  3rd mode, there must be an asynchronous background
processor (as in *IN Queue*) which processes messages to be sent to the
Cloud services. Device-platform bundle must have the logic to create such
payloads  send them to the cloud service. I'll update the diagram with
these modes. Thanks for the reminding it.

Thanks,

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Tue, Nov 4, 2014 at 10:14 AM, Niranjan Karunanandham niran...@wso2.com
wrote:

 Hi Harshan

 1. Device platform bundle will take the platform-specific payload in the
 queue  merge it with the new operation
 In this case, the overhead of the device platform bundle will be much
 higher because it must know how to convert back the *platform-specific
 payload* to the *platform-independent* form. This will make writing a
 new device-platform bundle a tedious task because of the complexity of
 payload transformation logic. So I'm -1 on this option.

  IMO this would be the a better option since the overhead is removed when
 the device tries to communicate with the server to get the payload. AFAIU
 even in the option 2 and 3, the device platform bundle should be able to
 convert the platform-independent payload to device specific payload.
 Therefore if in the platform-specific bundle has the reverse logic that is
 converting device specific to platform independent payload then the
 overhead is there at the time when a new operation is added. WDYT?

 I noticed that in the diagram, all the operations are put into the queue
 and the device contacts to retrieve the message. What about the scenario
 where the server would want to contact the device that is for example in
 Android and iOS, the server can connect the device via the GCM or APNS
 respectively. How is this handled?

 Regards,
 Nira

 On Mon, Nov 3, 2014 at 5:36 PM, Harshan Liyanage hars...@wso2.com wrote:

 Hi InoshP,

 Before explaining the above scenario I'll explain the process of payload
 generation when a request for new operation comes to the CDM core.

 1. CDM Core bundle will detect its device platform using the operation
 code
 2. Validate the operation against the supported device operations
 3. Send the operation request to the device-platform bundle for
 converting it to a *device-specific payload*
 4. Put the converted payload into the *OUT* queue

 We have two options when it comes to your scenario.
 1. Create a new payload including the previous operation  new operation
 2. Create another payload. So that 2 payloads will be stored in the *OUT
 *queue.

 IMO the best option would be 1, since the second option will consume more
 memory in the queue  more bandwidth of the device because it has to take 2
 payloads.
 For supporting the option 1, we have the following options.

 1. Device platform bundle will take

Re: [Architecture] OSGI Service and Admin Services

2014-11-14 Thread Harshan Liyanage

Hi Godwin,

IMO keeping the business logic separate from the services will be more
appropriate. So that you can change the business logic later without
breaking the service contract.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Fri, Nov 14, 2014 at 11:29 AM, Godwin Amila Shrimal god...@wso2.com
wrote:

 Hi All,

 Thanks for the feedback, I think I described it wrongly, I didn't
 mentioned 3 options to do this, I mentioned 3 steps to overcome the issue.
 Sorry for my bad.

 @Sameera : As you have mentioned we'll be have issues when admin services
 use axis2 context hierarchy e.g. MessageContext, properties set in
 Handlers etc, In that case what is the best way to implement, Do we have to
 keep separate business logic implementations for OSGIService and
 AdminService ?


 Thanks
 Godwin




 On Fri, Nov 14, 2014 at 11:22 AM, Sameera Jayasoma same...@wso2.com
 wrote:

 Hi Godwin,

 We tried the approach sometime back, but had to drop this coz of some
 complexities.
 *  Some admin services needs to access the axis2 context hierarchy e.g.
 MessageContext, properties set in Handlers etc.   So you cannot put all
 business logic to a OSGi Service.
 * Admin services can define permissions required to access them and the
 Security handlers checks whether the user is allowed access admin
 services.  OSGi services which gives the same functionality as admin
 services allows components to use them freely without and security
 restrictions. AFAIR we faced such issues sometime back.

 This approach is okay for some OSGi services/admin services, but not for
 all. So we need to carefully think before exposing an Admin service as an
 OSGi service.

 Thanks,
 Sameera.

 On Thu, Nov 13, 2014 at 10:36 PM, Godwin Amila Shrimal god...@wso2.com
 wrote:

 Hi,

 We have Admin Services in carbon products which are needed to access as
 OSGI Services in the carbon context. Most of the time in Admin Services, it
 check weather user is authorized in the method, So we cannot register same
 Admin Service as a OSGI Service and access it. Since there are cases user
 is not authorized when we access as a OSGI Service. What is the best way to
 reuse the code and create OSGI Service and Admin Service.

 After discussing with some folks, i thought following mechanism to
 implement it.

 1. Create an interface for the Service
 2. Create an Implementation as OSGI Service
 3. Create Admin Service which reuse the OSGI Service and apply
 additional security. (Here there will be no business logic and additional
 security will only applied.)


 Please give feedback on this.


 Thanks
 Godwin



 --
 *Godwin Amila Shrimal*
 Senior Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D*
 twitter: https://twitter.com/godwinamila

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Sameera Jayasoma,
 Software Architect,

 WSO2, Inc. (http://wso2.com)
 email: same...@wso2.com
 blog: http://sameera.adahas.org
 twitter: https://twitter.com/sameerajayasoma
 flickr: http://www.flickr.com/photos/sameera-jayasoma/collections
 Mobile: 0094776364456

 Lean . Enterprise . Middleware


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 *Godwin Amila Shrimal*
 Senior Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D*
 twitter: https://twitter.com/godwinamila

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Proposal for Carbon Offsets

2014-11-14 Thread Harshan Liyanage

Hi,

Yeah. I think having different offsets for different products will
definitely confuse the customers who are already familiar with our
products. But as Shammi has mentioned if we could have standard
port-offsets for production deployments that might be useful in
troubleshooting  support issues.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Thu, Nov 13, 2014 at 6:00 PM, Nuwan Dias nuw...@wso2.com wrote:

 Having different ports for different products will be a problem. Right now
 if one knows how to access the management console of a single product, he
 knows what to do to access any of the management consoles of any product in
 the platform. Similar to other ports as well, such as the ESB and APIM use
 8280 as the default passthrough port, similar for default thrift ports as
 well.

 So having different offsets for different products will confuse users more
 IMO.

 On Thu, Nov 13, 2014 at 5:49 PM, Sameera Jayasoma same...@wso2.com
 wrote:

 I also have the same opinion on this change. All our users are familiar
 with the default http/https ports, changing them will confuse them.

 Thanks,
 Sameera.

 On Wed, Nov 12, 2014 at 8:33 PM, Afkham Azeez az...@wso2.com wrote:



 On Wed, Nov 12, 2014 at 6:12 PM, Isuru Perera isu...@wso2.com wrote:

 Hi,

 I'm -0 on this proposal. If we have different offsets for different
 products, we will have to maintain a document to show the offsets we have
 given for each product.


 Due to the same reason, I too think having multiple port offsets will be
 confusing since most users have got used to the standard ports, and are
 quite comfortable with setting different port offsets.


 When doing product integrations, setting offset is not the only
 configuration step. It is a simple operation and I think it's better to let
 the user to do that along with other configurations. Then the user will
 know what really happens with ports and how to configure URLs.

 In most of the production deployments, the WSO2 instances will be in
 separate servers/VMs and we rarely modify the offset. Most of the time, we
 define common security groups to open ports. So, if we don't change offsets
 by default, we will be having common ports for each server.

 So, I think it's better to have no offsets by default in WSO2 products.

 Thanks!

 Best Regards,

 On Wed, Nov 12, 2014 at 5:42 PM, Paul Fremantle p...@wso2.com wrote:

 Ack?

 Paul

 On 10 October 2014 09:27, Paul Fremantle p...@wso2.com wrote:

 I have a simple proposal, which is that we predefine a standard
 offset for each product.

 e.g. AS 0, ESB 1, AM 2, GovReg 3, BAM 4, IS 5, etc...

 These would be baked into the distros. This would make life a lot
 easier for customers doing more than one product. Also for say BAM
 integration, life would be much better.

 Paul

 --
 Paul Fremantle
 CTO and Co-Founder, WSO2
 OASIS WS-RX TC Co-chair, Apache Member

 UK: +44 207 096 0336

 blog: http://pzf.fremantle.org
 twitter.com/pzfreo
 p...@wso2.com

 wso2.com Lean Enterprise Middleware

 Disclaimer: This communication may contain privileged or other
 confidential information and is intended exclusively for the addressee/s.
 If you are not the intended recipient/s, or believe that you may have
 received this communication in error, please reply to the sender 
 indicating
 that fact and delete the copy you received and in addition, you should 
 not
 print, copy, retransmit, disseminate, or otherwise use the information
 contained in this communication. Internet communications cannot be
 guaranteed to be timely, secure, error or virus-free. The sender does not
 accept liability for any errors or omissions.




 --
 Paul Fremantle
 CTO and Co-Founder, WSO2
 OASIS WS-RX TC Co-chair, Apache Member

 UK: +44 207 096 0336

 blog: http://pzf.fremantle.org
 twitter.com/pzfreo
 p...@wso2.com

 wso2.com Lean Enterprise Middleware

 Disclaimer: This communication may contain privileged or other
 confidential information and is intended exclusively for the addressee/s.
 If you are not the intended recipient/s, or believe that you may have
 received this communication in error, please reply to the sender 
 indicating
 that fact and delete the copy you received and in addition, you should not
 print, copy, retransmit, disseminate, or otherwise use the information
 contained in this communication. Internet communications cannot be
 guaranteed to be timely, secure, error or virus-free. The sender does not
 accept liability for any errors or omissions.

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Isuru Perera
 Senior Software Engineer | WSO2, Inc. | http://wso2.com/
 Lean . Enterprise . Middleware

 about.me/chrishantha




 --
 *Afkham Azeez*
 Director of Architecture;

Re: [Architecture] Proposed Device Operations Flow of CDM

2014-11-16 Thread Harshan Liyanage

Hi,

*Platform-specific payload *is the actual payload which will be delivered
to the device when the device contacts the server for
pending-operations. *Platform-independent
*form is used to construct the *Platform-specific payload * communicate
device operations internally within CDM. For example when an user sends a
device operation using CDM web-console, *platform-independent *message will
be sent from the console - CDM API - CDM Core - Device-platform bundle.
Then the *device-platform bundle *will use it to construct the
*platform-specific
payload.*
But there might be situation where some device operation payloads might not
delivered to the device when another operation for that device comes-in. IMO
in such cases its not good to have many pending *platform-specific payloads
*for a single device. If we are to deliver multiple payloads that might
introduce an additional overhead in network. In such situations what I
suggest is to merge the new payload with the existing payload. To do that
we have two options.

1. Use the existing *platform-specific payload * merge it with the new
operation request
2. Use the *platform-independent *form  merge it with new operation
request (platform-independent form)  construct a new payload

Going through the 1st approach will be harder because then the
device-platform bundle will have to have the all the conversion logic need
to convert payloads ( *platform-independent - platform-specific *
*platform-specific
- platform-independent). *In some platforms converting back the
*platform-specific
payload* might not be possible because the device-platform bundle might use
a 3rd party library to do the conversion. So we had to opt out 1st
approach.
If we follow the 2nd approach, CDM server itself can do the merging of the
operation requests because it does not need any platform-specific knowledge
to do so. Then the merged *platform-independent payload *can be send to the
device-platform bundle to get the corresponding *platform-specific
payload.* For
do that we need to save the *platform-independent payload *along with
the *platform-specific
payload.*
This approach will reduce the workload of device-platform implementer,
which will make easier integration of new platforms.

Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Nov 17, 2014 at 5:59 AM, Dilan Udara Ariyaratne dil...@wso2.com
wrote:

 Hi All,

 This is just to clarify things.

 With reference to defining pending-operations-per-device, why do we need
 to have a
 *platform-specific payload *and its *platform-independent* *form*?

 What is the expected use-case of this?

 Regards,

 Dilan.




 *Dilan U. Ariyaratne*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 Mobile: +94775149066
 lean . enterprise . middleware

 On Mon, Nov 3, 2014 at 5:36 PM, Harshan Liyanage hars...@wso2.com wrote:

 Hi InoshP,

 Before explaining the above scenario I'll explain the process of payload
 generation when a request for new operation comes to the CDM core.

 1. CDM Core bundle will detect its device platform using the operation
 code
 2. Validate the operation against the supported device operations
 3. Send the operation request to the device-platform bundle for
 converting it to a *device-specific payload*
 4. Put the converted payload into the *OUT* queue

 We have two options when it comes to your scenario.
 1. Create a new payload including the previous operation  new operation
 2. Create another payload. So that 2 payloads will be stored in the *OUT
 *queue.

 IMO the best option would be 1, since the second option will consume more
 memory in the queue  more bandwidth of the device because it has to take 2
 payloads.
 For supporting the option 1, we have the following options.

 1. Device platform bundle will take the platform-specific payload in the
 queue  merge it with the new operation
 In this case, the overhead of the device platform bundle will be much
 higher because it must know how to convert back the *platform-specific
 payload* to the *platform-independent* form. This will make writing a
 new device-platform bundle a tedious task because of the complexity of
 payload transformation logic. So I'm -1 on this option.

 2. We'll use a platform-independent format for saving the payload into
 the queue which can be easily merged with new operations. This
 platform-independent payload will be converted when the device contacts the
 CDM server for pending operations.
 This is much more easier method than the first option. But this will
 affect the number of concurrent devices CDM can support due to the
 on-demand conversion of payloads. On the other-hand this method will reduce
 the resource consumption  avoid unnecessary payload transformations.
 Further-more this will reduce the complexity of CDM core because there is
 no need to get the payload

Re: [Architecture] Proposed Device Operations Flow of CDM

2014-11-17 Thread Harshan Liyanage

Hi Dilan,

Yes. you are correct.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Tue, Nov 18, 2014 at 7:20 AM, Dilan Udara Ariyaratne dil...@wso2.com
wrote:

 Hi Harshan,

 This is with reference to the two merging options that you have mentioned
 in your previous reply to the thread.

 As I understood, with the 1st Option:

 You suggest to

 [1] convert platform-independent-payload to platform-specific-payload,
 save it and when another request comes in,
 [2] convert the platform-specific-payload back into its
 platform-independent-form and merge it with the
 platform-independent-payload for the new request and
 [3] convert that back to a platform-specific-payload. (Please correct me
 if I am wrong)

 So with this option, you suggest not to save a
 platform-independent-payload for the pending requests and deal with it only
 at run-time.

 As I understood, with the 2nd Option:

 You suggest to

 [1] Keep the platform-independent-payload saved along with its
 platform-specific-payload and when ever another request comes in,
 [2] Get the existing platform-independent-payload and merge it with new
 platform-independent-payload of the incoming request, save it and
 [3] Convert that to a new platform-specific-payload and overwrite the
 existing platform-specific-payload with the new one. (Please correct me if
 I am wrong)

 Thanks.







 *Dilan U. Ariyaratne*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 Mobile: +94775149066
 lean . enterprise . middleware

 On Mon, Nov 17, 2014 at 8:16 AM, Harshan Liyanage hars...@wso2.com
 wrote:

 Hi,

 *Platform-specific payload *is the actual payload which will be
 delivered to the device when the device contacts the server for
 pending-operations. *Platform-independent *form is used to construct the 
 *Platform-specific
 payload * communicate device operations internally within CDM. For
 example when an user sends a device operation using CDM web-console, 
 *platform-independent
 *message will be sent from the console - CDM API - CDM Core -
 Device-platform bundle. Then the *device-platform bundle *will use it to
 construct the *platform-specific payload.*
 But there might be situation where some device operation payloads might
 not delivered to the device when another operation for that device comes-in.
  IMO in such cases its not good to have many pending *platform-specific
 payloads *for a single device. If we are to deliver multiple payloads
 that might introduce an additional overhead in network. In such situations
 what I suggest is to merge the new payload with the existing payload. To do
 that we have two options.

 1. Use the existing *platform-specific payload * merge it with the new
 operation request
 2. Use the *platform-independent *form  merge it with new operation
 request (platform-independent form)  construct a new payload

 Going through the 1st approach will be harder because then the
 device-platform bundle will have to have the all the conversion logic need
 to convert payloads ( *platform-independent - platform-specific * 
 *platform-specific
 - platform-independent). *In some platforms converting back the 
 *platform-specific
 payload* might not be possible because the device-platform bundle might
 use a 3rd party library to do the conversion. So we had to opt out 1st
 approach.
 If we follow the 2nd approach, CDM server itself can do the merging of
 the operation requests because it does not need any platform-specific
 knowledge to do so. Then the merged *platform-independent payload *can
 be send to the device-platform bundle to get the corresponding 
 *platform-specific
 payload.* For do that we need to save the *platform-independent payload 
 *along
 with the *platform-specific payload.*
 This approach will reduce the workload of device-platform implementer,
 which will make easier integration of new platforms.

 Regards,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Mon, Nov 17, 2014 at 5:59 AM, Dilan Udara Ariyaratne dil...@wso2.com
 wrote:

 Hi All,

 This is just to clarify things.

 With reference to defining pending-operations-per-device, why do we need
 to have a
 *platform-specific payload *and its *platform-independent* *form*?

 What is the expected use-case of this?

 Regards,

 Dilan.




 *Dilan U. Ariyaratne*
 Software Engineer
 WSO2 Inc. http://wso2.com/
 Mobile: +94775149066
 lean . enterprise . middleware

 On Mon, Nov 3, 2014 at 5:36 PM, Harshan Liyanage hars...@wso2.com
 wrote:

 Hi InoshP,

 Before explaining the above scenario I'll explain the process of
 payload generation when a request for new operation comes to the CDM core.

 1. CDM Core bundle will detect its device platform using

Re: [Architecture] [BAM] [Security] Securing REST API

2015-02-02 Thread Harshan Liyanage

+1 for using OAuth security for the APIs. Can't use guys use the API
everywhere concept in this use-case? So that you can simply have the OAuth
security for APIs.

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Sun, Feb 1, 2015 at 7:30 AM, Maninda Edirisooriya mani...@wso2.com
wrote:

+1 for OAuth and IMO in future we should move all authorization in admin
services to OAuth throughout the Carbon. It will be definitely possible
when we are moving from SOAP to REST with Carbon 5.

On Wed, Jan 28, 2015 at 6:03 PM, Prabath Siriwardena prab...@wso2.com
wrote:

+1 for using OAuth..

Please also think of the cost of maintaining and provisioning keys
between servers in a clustered setup and the requirement of have an OAuth
authorization server.

Please see the approach suggested here [1] self-issued self-contained
access tokens. This approach reduces all most all the overhead.

[1]: http://blog.facilelogin.com/2014/10/self-issued-access-tokens.html

Thanks regards,
-Prabath

On Wed, Jan 28, 2015 at 1:16 AM, Johann Nallathamby joh...@wso2.com
wrote:

On Tue, Jan 27, 2015 at 3:17 PM, Anjana Fernando anj...@wso2.com
wrote:

Hi,

I guess our admin services are also accessible via basic auth, isn't
it? .. We just thought, as a convenience method for the end user, they can
use their username/password to access our API if required. So basically, if
using OAuth, other than using SAML2 bearer token grant type or anything
similar, is it possible to use the login username/password to our dashboard
UI to generate the access token with resource owner credentials grant type
maybe? ..

This is also possible. But the access token has an finite expiry time.
And it is not related to the browser session / not a moving window. So once
it expires you must use the refresh token to get another access token. So
this way user can login once and keep using APIs until they logout. Once
they logout the access token can be revoked.

Securing APIs with Basic Auth is also currently widely used. But it
doesn't provide any advantage over OAuth2. So for future we should stick to
OAuth2 only.

For the validation of the OAuth2 token we should have a tomcat valve so
that it can secure REST as well as SOAP services. I don't think we have
written one all this time. Gihan if you are doing this can you sync up with
IS team and lets finalize.

Thanks,
Johann.

Cheers,
Anjana.

On Tue, Jan 27, 2015 at 2:42 PM, Supun Malinga sup...@wso2.com wrote:

Hi Gihan,

IMO using basic auth will make it vulnerable for dos attacks and less
secure. So you need to think this thru.

There is a possibility of authenticating already logged in users via
the cookie data. But we will need to write a new cookie based oauth grant
type for this. AFAIK we don't have such a grant type yet (Correct me if
I'm
wrong).

On your latest note I think you can use the SAML2 grant type [0].

[0]
https://docs.wso2.com/display/AM170/Token+API#TokenAPI-ExchangingSAML2bearertokenswithOAuth2(SAMLextensiongranttype)

thanks,

On Tue, Jan 27, 2015 at 1:48 PM, Gihan Anuruddha gi...@wso2.com
wrote:

No. We thought, it might convenient for the end user if we provide
basic auth capabilities. We will integrate OAuth functionalities for our
REST APIs.

Regarding our requirement, We have multiple dashboards that validate
the user through single login page. How can we do the backend API
communication?

Regards,
Gihan

On Tue, Jan 27, 2015 at 12:02 PM, Sumedha Rubasinghe
sume...@wso2.com wrote:

Any particular reason for securing product APIs using Basic Auth?

Products like G-Reg, CDM are using OAuth 2.0 tokens for this instead.

On Tue, Jan 27, 2015 at 11:53 AM, Gihan Anuruddha gi...@wso2.com
wrote:

Hi All,

We are going to use a set of REST API [1] to communicate with the
data layer. Basically, we are securing these REST APIs with basic
auth. But we wanted to communicate with these REST APIs with already
logged
in user as well. Reason is we have a plan to use these REST API in our
Message console dashboard and we want to have SSO kind of a logging
solution for these dashboards without any individual login pages.

So is it possible to use existing HTTP session cookie and
authenticate REST API calls or do we have to use OAuth with some
specific
grant types?

Appreciate your inputs here?

[1] - [Architecture] BAM 3.0 REST APIs for AnalyticsDataService /
Indexing / Search
--
W.G. Gihan Anuruddha
Senior Software Engineer | WSO2, Inc.
M: +94772272595

--
/sumedha
m: +94 773017743
b : bit.ly/sumedha

--
W.G. Gihan Anuruddha
Senior Software Engineer | WSO2, Inc.
M: +94772272595

___
Architecture mailing list
Architecture@wso2.org

Re: [Architecture] BAM 3.0 REST APIs for AnalyticsDataService / Indexing / Search

2015-01-19 Thread Harshan Liyanage

Hi Gimantha,

AFAIK when writing REST APIs you have use POST verb to create a resource
and the resource data should be sent as the POST request body. I totally
agree with Sinthuja's comment regarding url pattern of *POST
/analytics/{tableName}*.

IMO you should not use POST methods to the following APIs as well and
instead you could use GET methods with query-strings. (since these methods
have been used to retrieve data)

6. Get the records from a table (By IDs)
*POST /analytics/records/{tableName}*
; tableName - The name of the table from which the records are retrieved.
; Content  - A List of IDs of the records to be retrieved in the following
format.
[ id1 , id2 , id3 ]
; response - takes the format of the request content of No.7


14. Search records of a table
*POST /analytics/search*
; Content - takes the following format
{
tableName: sampleTableName,
language: sampleLanguageName,
query: sampleQuery,
start: start-location-of-the-result,
count: maximum-number-of-entries-to-return
}


Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Tue, Jan 20, 2015 at 1:29 AM, Gimantha Bandara giman...@wso2.com wrote:

 Hi Sinduja,

 Thank you for the feedback.

 On Mon, Jan 19, 2015 at 12:04 PM, Sinthuja Ragendran sinth...@wso2.com
 wrote:

 Hi gimantha,

 Please see the comments inline.

 On Sun, Jan 18, 2015 at 11:24 PM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi,
 Currently, I am working on $subject. Basically the methods in
 AnalyticsDataService will be exposed through REST APIs. Please refer to
 Architecture mail thread *[Architecture] BAM 3.0 Data Layer
 Implementation / RDBMS / Distributed Indexing / Search* for more
 Details. Following are the supported REST APIs.

 1. Create a table
 *POST /analytics/{tableName}*
  ; tableName - The name of the table to be created.


 IMHO the above should be POST to '/analytics/*tables*' and the request
 content should have the table name as given below.
 {
  tableName : Test
 }

 Since the POST takes only the table name, it is straightforward to use it
 as a path parameter.


 2. Delete a table
 *DELETE /analytics/{tableName} *
 ; tableName - The name of the table to be deleted.


 3. Check if a table exists
 *GET /analytics/{tableName} *
 ; tableName - The name of the table being checked.

 4. List All the tables
 *GET /analytics/tables*
 ;Response will be an JSON array of table names. e.g. [ table1 ,
 table2 , table3 ]

 5. Get the records from a table.
 *GET /analytics/records/{tableName}/{from}/{to}/{start}/{count} *
 ; tableName - The name of the table from which the records are retrieved.
 ; from - The starting time to get records from.
 ; to - The ending time to get records to.
 ; start - The paginated index from value
 ; count - The paginated records count to be read
 ; response - takes the format of the request content of No.7


 Do we need to have 'records' in the URL?  I think it's better to have  
 */analytics/{tableName}/{from}/{to}/{start}/{count}
 *


 records is there to avoid conflicts with other contexts. As an example,
 If we remove records, the URL will take the format
 /analytics/{tableName}, which is already a defined REST API.


 6. Get the records from a table (By IDs)
 *POST /analytics/records/{tableName}*
 ; tableName - The name of the table from which the records are retrieved.
 ; Content  - A List of IDs of the records to be retrieved in the
 following format.
 [ id1 , id2 , id3 ]
 ; response - takes the format of the request content of No.7


 Similarly can we have this as * /analytics/{tableName}?*


 7. Create records ( can be created in different tables or in the same )
 *POST /analytics/records*
 ; Content - A list of records in json format like in below.
 [
 {
 id: id1,
 tenantId: -1234,
 tableName: tableName1,
 timestamp: -mm-dd hh:mm:ss,
 values:
 {
 columnName1: value1,
 columnName2: value2
 }
 },
{
 id: id2,
 tenantId: -1234,
 tableName: tableName2,
 timestamp: -mm-dd hh:mm:ss,
 values:
 {
 columnName1: value1,
 columnName2: value2
 }
 },
 ]

 8. Delete records
 *DELETE /analytics/records/{tableName}/{timeFrom}/{timeTo}*
 ; tableName - Name of the table from which the records are deleted.
 ; timeFrom - The starting time to delete records from.
 ; timeTo - The end time to delete records to.


 Again do we need to have 'records' in the middle?  IMHO
 /analytics/{tableName}/{timeFrom}/{timeTo} is better.

 9. Update records
 *PUT /analytics/records*
 ; Content - As same as the POST method for creating records

 10. Get the record count of table
 *GET /analytics/count/{tableName}*
 ; tableName - The name of the table

 11. Create Indices for a table
 *POST

Re: [Architecture] BAM 3.0 REST APIs for AnalyticsDataService / Indexing / Search

2015-01-20 Thread Harshan Liyanage

Hi Gimantha,

Could you please explain the use-case for the API  #6? IMO there should not
be any operation to fetch a list of records by ids. Instead there could be
an API which sends a list of records as the response for a query.

For the API #14 you can still use GET method with query strings. I think
you have included start  count parameters to control the pagination. For
that you can use the HTTP range-header [1] or link headers as mentioned in
[2].

[1]. http://otac0n.com/blog/2012/11/21/range-header-i-choose-you.html
[2]. https://developer.github.com/v3/#pagination

Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Tue, Jan 20, 2015 at 6:34 PM, Gimantha Bandara giman...@wso2.com wrote:

 Hi Harshan,

 Thanks for the feedback. The list of IDs of the records to be retrieved
 can be too long. So setting a list of ids as a query param is not
 convenient. Even for the Search, we have to pass a query, which can be too
 long. Thats why the post method is used for Search.

 Thanks,

 On Tue, Jan 20, 2015 at 12:52 PM, Sinthuja Ragendran sinth...@wso2.com
 wrote:

 Hi Gimantha,

 I think following the conventions will be more intuitive to the users,
 and we should have a proper reason to not follow. And the post request is
 generally needs to be sent to create the object and the back end is going
 to decide where to create the tables resource, therefore it should be POST
 to '/analytics/tables' and message body should be having the table name. If
 you want to use /analytics/{tableName}, then you should use PUT rather
 POST [1]. But IMO POST is the most suitable operation for this context.

 And through out the below given URL patterns, in order to fetch the
 records from a table, you have used '/analytics/records/{tableName}' url
 pattern where 'records' is in the middle and it is not the correct data
 hierarchy and again I feel it's not the convention. Basically tables
 contains records and not records contains tables. Therefore if we use
 POST to '/analytics/tables' for create table, then you can use simply
 user 'analytics/{tableName}' to GET/POST for the tables, IMHO the records
 is just an additional segment which is not needed to be here.

 [1] http://restcookbook.com/HTTP%20Methods/put-vs-post

 Thanks,
 Sinthuja.

 On Tue, Jan 20, 2015 at 1:29 AM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi Sinduja,

 Thank you for the feedback.

 On Mon, Jan 19, 2015 at 12:04 PM, Sinthuja Ragendran sinth...@wso2.com
 wrote:

 Hi gimantha,

 Please see the comments inline.

 On Sun, Jan 18, 2015 at 11:24 PM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi,
 Currently, I am working on $subject. Basically the methods in
 AnalyticsDataService will be exposed through REST APIs. Please refer to
 Architecture mail thread *[Architecture] BAM 3.0 Data Layer
 Implementation / RDBMS / Distributed Indexing / Search* for more
 Details. Following are the supported REST APIs.

 1. Create a table
 *POST /analytics/{tableName}*
  ; tableName - The name of the table to be created.


 IMHO the above should be POST to '/analytics/*tables*' and the request
 content should have the table name as given below.
 {
  tableName : Test
 }

 Since the POST takes only the table name, it is straightforward to use
 it as a path parameter.


 2. Delete a table
 *DELETE /analytics/{tableName} *
 ; tableName - The name of the table to be deleted.


 3. Check if a table exists
 *GET /analytics/{tableName} *
 ; tableName - The name of the table being checked.

 4. List All the tables
 *GET /analytics/tables*
 ;Response will be an JSON array of table names. e.g. [ table1 ,
 table2 , table3 ]

 5. Get the records from a table.
 *GET /analytics/records/{tableName}/{from}/{to}/{start}/{count} *
 ; tableName - The name of the table from which the records are
 retrieved.
 ; from - The starting time to get records from.
 ; to - The ending time to get records to.
 ; start - The paginated index from value
 ; count - The paginated records count to be read
 ; response - takes the format of the request content of No.7


 Do we need to have 'records' in the URL?  I think it's better to have  
 */analytics/{tableName}/{from}/{to}/{start}/{count}
 *


 records is there to avoid conflicts with other contexts. As an
 example, If we remove records, the URL will take the format
 /analytics/{tableName}, which is already a defined REST API.


 6. Get the records from a table (By IDs)
 *POST /analytics/records/{tableName}*
 ; tableName - The name of the table from which the records are
 retrieved.
 ; Content  - A List of IDs of the records to be retrieved in the
 following format.
 [ id1 , id2 , id3 ]
 ; response - takes the format of the request content of No.7


 Similarly can we have this as * /analytics/{tableName}?*


 7. Create records ( can be created in different tables or in the same )
 *POST

Re: [Architecture] BAM 3.0 REST APIs for AnalyticsDataService / Indexing / Search

2015-02-12 Thread Harshan Liyanage

, it may not be that
 informative what we are actually doing there.

 [1]
 https://www.google.com/search?q=REST+service+designgws_rd=ssl#q=REST+api+design

 Cheers,
 Anjana.

 On Wed, Jan 21, 2015 at 3:35 AM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi,
 Goood point!. Initially the search was implemented such a way that it
 returns a list of ids of records that match the query. Now the search
 method is changed, so it returns the records. So +1 for removing the API
 #6.

 @Sinduja, @Harshan
Thanks for the reference links and for the feedback.

 On Tue, Jan 20, 2015 at 6:52 PM, Harshan Liyanage hars...@wso2.com
 wrote:

 Hi Gimantha,

 Could you please explain the use-case for the API  #6? IMO there
 should not be any operation to fetch a list of records by ids. Instead
 there could be an API which sends a list of records as the response for a
 query.

 For the API #14 you can still use GET method with query strings. I
 think you have included start  count parameters to control the 
 pagination.
 For that you can use the HTTP range-header [1] or link headers as 
 mentioned
 in [2].

 [1]. http://otac0n.com/blog/2012/11/21/range-header-i-choose-you.html
 [2]. https://developer.github.com/v3/#pagination

 Regards,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Tue, Jan 20, 2015 at 6:34 PM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi Harshan,

 Thanks for the feedback. The list of IDs of the records to be
 retrieved can be too long. So setting a list of ids as a query param is 
 not
 convenient. Even for the Search, we have to pass a query, which can be 
 too
 long. Thats why the post method is used for Search.

 Thanks,

 On Tue, Jan 20, 2015 at 12:52 PM, Sinthuja Ragendran 
 sinth...@wso2.com wrote:

 Hi Gimantha,

 I think following the conventions will be more intuitive to the
 users, and we should have a proper reason to not follow. And the post
 request is generally needs to be sent to create the object and the back 
 end
 is going to decide where to create the tables resource, therefore it 
 should
 be POST to '/analytics/tables' and message body should be having the 
 table
 name. If you want to use /analytics/{tableName}, then you should
 use PUT rather POST [1]. But IMO POST is the most suitable operation for
 this context.

 And through out the below given URL patterns, in order to fetch the
 records from a table, you have used '/analytics/records/{tableName}' url
 pattern where 'records' is in the middle and it is not the correct data
 hierarchy and again I feel it's not the convention. Basically tables
 contains records and not records contains tables. Therefore if we use
 POST to '/analytics/tables' for create table, then you can use
 simply user 'analytics/{tableName}' to GET/POST for the tables, IMHO the
 records is just an additional segment which is not needed to be here.

 [1] http://restcookbook.com/HTTP%20Methods/put-vs-post

 Thanks,
 Sinthuja.

 On Tue, Jan 20, 2015 at 1:29 AM, Gimantha Bandara giman...@wso2.com
  wrote:

 Hi Sinduja,

 Thank you for the feedback.

 On Mon, Jan 19, 2015 at 12:04 PM, Sinthuja Ragendran 
 sinth...@wso2.com wrote:

 Hi gimantha,

 Please see the comments inline.

 On Sun, Jan 18, 2015 at 11:24 PM, Gimantha Bandara 
 giman...@wso2.com wrote:

 Hi,
 Currently, I am working on $subject. Basically the methods in
 AnalyticsDataService will be exposed through REST APIs. Please refer 
 to
 Architecture mail thread *[Architecture] BAM 3.0 Data Layer
 Implementation / RDBMS / Distributed Indexing / Search* for
 more Details. Following are the supported REST APIs.

 1. Create a table
 *POST /analytics/{tableName}*
  ; tableName - The name of the table to be created.


 IMHO the above should be POST to '/analytics/*tables*' and the
 request content should have the table name as given below.
 {
  tableName : Test
 }

 Since the POST takes only the table name, it is straightforward to
 use it as a path parameter.


 2. Delete a table
 *DELETE /analytics/{tableName} *
 ; tableName - The name of the table to be deleted.


 3. Check if a table exists
 *GET /analytics/{tableName} *
 ; tableName - The name of the table being checked.

 4. List All the tables
 *GET /analytics/tables*
 ;Response will be an JSON array of table names. e.g. [ table1 ,
 table2 , table3 ]

 5. Get the records from a table.
 *GET /analytics/records/{tableName}/{from}/{to}/{start}/{count} *
 ; tableName - The name of the table from which the records are
 retrieved.
 ; from - The starting time to get records from.
 ; to - The ending time to get records to.
 ; start - The paginated index from value
 ; count - The paginated records count to be read
 ; response - takes the format of the request content of No.7


 Do we need to have 'records' in the URL?  I think it's better to
 have  */analytics/{tableName}/{from}/{to}/{start}/{count

Re: [Architecture] BAM 3.0 REST APIs for AnalyticsDataService / Indexing / Search

2015-02-16 Thread Harshan Liyanage

Hi Gimantha,

I think Frank has explained everything about the usage of *GET
/analytics/tables/{tableName}*. Anyway what my point is that if we have
used *GET* */analytics/tables/{tableName} *to check the existence of the
table it would work nice if the table does not exist. But if the table
exists, all the table data will be retrieved from the database  sent over
the network instead of a simple Boolean *TRUE* result. This will
introduce unnecessary  performance drawback in your backend server 
unnecessary network traffic.

So I'm +1 on using  below API for that purpose.

*GET /analytics/table_exists?tableName=table-name*

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Feb 16, 2015 at 1:21 PM, Gimantha Bandara giman...@wso2.com wrote:

 Hi Frank,

 Thanks you for your explanation!. What we currently do is, using *GET
 /analytics/tables/{tableName} *get the whole table, if the table does not
 exist, HTTP status will be 404 and the response body will have a message
 saying that the table does not exist.

 On Sun, Feb 15, 2015 at 9:03 PM, Frank Leymann fr...@wso2.com wrote:

 Hi Gimantha,

 it depends on the scenario:  if you want to check existence of resource
 it's fine to use a GET on this resource and receive a 404 Not Found.

 But the subtlety is that Not Found according to HTTP is statement in
 time: you cannot infer that the resource does not exist, all that 404
 says is that it cannot be found at this point in time, i.e. it maybe found
 later. If your scenario doesn't care about that you are fine.

 Furthermore, in case the resource in fact is found, the GET on this
 resource will return the complete table. This might not be acceptable if
 you only want to get an indicator that the exists. The signal for existence
 shouldn't the possibly huge table itself.

 Thus, depending on your scenario you may consider a corresponding
 function.  By the way, this is completely compliant to the REST style that
 foresees such processing function resources.


 Best regards,
 Frank

 2015-02-14 15:01 GMT+01:00 Gimantha Bandara giman...@wso2.com:

 Hi Manuranga,

 Already *GET /analytics/tables/{tableName} *returns 404 if the
 table doesn't exists. So we will not need a separate API. Thanks for your
 feedback.

 On Sat, Feb 14, 2015 at 12:22 PM, Manuranga Perera m...@wso2.com
 wrote:

 there shouldn't be a separate end point for is-exists

 *GET /analytics/tables/{tableName}* - Will return table informing if
 it exists and if not it should return 404

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Gimantha Bandara
 Software Engineer
 WSO2. Inc : http://wso2.com
 Mobile : +94714961919

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Gimantha Bandara
 Software Engineer
 WSO2. Inc : http://wso2.com
 Mobile : +94714961919

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Pre-populate API Manager with one API which can be used OOTB

2015-02-16 Thread Harshan Liyanage

Hi Nisala,

Normally it is unacceptable to have more than 3 arguments for a method when
you write a clean code. I think you will have to refactor all these methods
before proceed with your work because these methods already have too many
arguments. As stated in [1],

The ideal number of arguments for a function is zero (niladic). Next comes
one (monadic), followed closely by two (dyadic). Three arguments (triadic)
should be avoided where possible. More than three (polyadic) requires very
special justification - and then shouldn't be used anyway.

So please consider those things.

[1].
http://www.javaworld.com/article/2074962/core-java/too-many-parameters-in-java-methods-part-8-tooling.html?null

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Tue, Feb 17, 2015 at 10:25 AM, Nisala Nanayakkara nis...@wso2.com
wrote:

 I am working on the improvement of 'Pre-populating API Manager with one
 sample API in APIM'. The decided approach is create a simple API using
 inline implementation with script mediator in the server startup. For
 this,apim startup.publisher package will be re-used. There will be some
 changes in the startup.publisher package as below as currently that package
 doesn't support create APIs with inline implementation approach.

 Note-With below changes,the current functionality in startup publisher
 which is used by GReg/AS will not be break.

 - adding extra configuration property as 'isInline' in APIManager.xml to
 get the API implementation method.If this value is true,then use inline
 implementation approach,instead wrapping the API with a back-end endpoint.

 LocalAPIs
 LocalAPI
 Context/resource/Context
 Provideradmin/Provider
 Version1.0.0/Version
 IconPathnone/IconPath
 DocumentURLnone/DocumentURL
 AuthTypeAny/AuthType
 *isInlinetrue/isInline*
 /LocalAPI
 /LocalAPIs

 -changing createAPIModel and createAPIAtServerStartup method signatures as
 below

 private API createAPIModel(String apiName, String apiProvider,
String apiVersion, String apiEndpoint,
 String apiContext,
String iconPath, String documentURL, String
 authType,
*boolean isInline*)

  private void createAPIAtServerStartup(
 String apiName, String apiProvider,
   String apiVersion, String
 apiEndpoint, String apiContext,
   String iconPath, String
 documentURL, String authType,
   *boolean isInline*)


 Please reply if you have any opinion about this.

 Thanks,
 Nisala
 --

 *Best Regards,Nisala Niroshana Nanayakkara,*
 *Bsc. Eng Undergraduate | Department of Computer Science  Engineering |
 University of Moratuwa | Sri Lanka*

 *Intern Software Engineer | WSO2 Lanka(pvt) Ltd *
 *Director | Leo Club of University of Moratuwa.*
 *Mobile | +94717600022*

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] BAM 3.0 REST APIs for AnalyticsDataService / Indexing / Search

2015-02-19 Thread Harshan Liyanage

Hi Frank,

Got it. Thanks a lot.

Best Regards,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Wed, Feb 18, 2015 at 5:58 PM, Frank Leymann fr...@wso2.com wrote:

 Hi Harshan,

 if you only want an indicator whether or not a table exists, the API you
 specify is the right way to go :-)

 And it's a nice RESTful API...


 Best regards,
 Frank

 2015-02-17 6:08 GMT+01:00 Harshan Liyanage hars...@wso2.com:

 Hi Gimantha,

 I think Frank has explained everything about the usage of *GET
 /analytics/tables/{tableName}*. Anyway what my point is that if we have
 used *GET* */analytics/tables/{tableName} *to check the existence of the
 table it would work nice if the table does not exist. But if the table
 exists, all the table data will be retrieved from the database  sent over
 the network instead of a simple Boolean *TRUE* result. This will
 introduce unnecessary  performance drawback in your backend server 
 unnecessary network traffic.

 So I'm +1 on using  below API for that purpose.

 *GET /analytics/table_exists?tableName=table-name*

 Thanks,

 Lakshitha Harshan
 Software Engineer
 Mobile: *+94724423048*
 Email: hars...@wso2.com
 Blog : http://harshanliyanage.blogspot.com/
 *WSO2, Inc. :** wso2.com http://wso2.com/*
 lean.enterprise.middleware.

 On Mon, Feb 16, 2015 at 1:21 PM, Gimantha Bandara giman...@wso2.com
 wrote:

 Hi Frank,

 Thanks you for your explanation!. What we currently do is, using *GET
 /analytics/tables/{tableName} *get the whole table, if the table does
 not exist, HTTP status will be 404 and the response body will have a
 message saying that the table does not exist.

 On Sun, Feb 15, 2015 at 9:03 PM, Frank Leymann fr...@wso2.com wrote:

 Hi Gimantha,

 it depends on the scenario:  if you want to check existence of resource
 it's fine to use a GET on this resource and receive a 404 Not Found.

 But the subtlety is that Not Found according to HTTP is statement in
 time: you cannot infer that the resource does not exist, all that 404
 says is that it cannot be found at this point in time, i.e. it maybe found
 later. If your scenario doesn't care about that you are fine.

 Furthermore, in case the resource in fact is found, the GET on this
 resource will return the complete table. This might not be acceptable if
 you only want to get an indicator that the exists. The signal for existence
 shouldn't the possibly huge table itself.

 Thus, depending on your scenario you may consider a corresponding
 function.  By the way, this is completely compliant to the REST style that
 foresees such processing function resources.


 Best regards,
 Frank

 2015-02-14 15:01 GMT+01:00 Gimantha Bandara giman...@wso2.com:

 Hi Manuranga,

 Already *GET /analytics/tables/{tableName} *returns 404 if the
 table doesn't exists. So we will not need a separate API. Thanks for your
 feedback.

 On Sat, Feb 14, 2015 at 12:22 PM, Manuranga Perera m...@wso2.com
 wrote:

 there shouldn't be a separate end point for is-exists

 *GET /analytics/tables/{tableName}* - Will return table informing if
 it exists and if not it should return 404

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Gimantha Bandara
 Software Engineer
 WSO2. Inc : http://wso2.com
 Mobile : +94714961919

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture



 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --
 Gimantha Bandara
 Software Engineer
 WSO2. Inc : http://wso2.com
 Mobile : +94714961919

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] CDM Operation Managemen

2015-02-15 Thread Harshan Liyanage

Hi,

Operation Management functionality will allow users, admins  policy
engines to remotely perform concrete operations on a device/devices.
A Device Operation will contain the operation-code  the payload of the
operation (such as a configuration payload) if exists. An operation can be
categorized into one of the following.

   - *Message* : CDM admins, users can send a message to a particular
   device. Typically these type of operations are one-way messages.
   - *Information* : CDM admins, users or policy engine (for evaluating the
   adherence to policies or as a requirement for dynamic policies) can request
   the current status of the device (location, battery level , temperature
   etc)
   - *Configuration* :  CDM admins, users or policy engine can push a
   configuration such as WIFI configuration, camera disable , device mute,
   device lock to a particular device

Following are the components involved in operation management.

   - *CDM UI : *CDM web console which will be used by the admins  users
   - *Policy engine : *CDM Policy engine which will be used by admins to
   create policies to apply to the devices
   - *CDM Operation Manager : *This will be the core component which will
   handle all the operation management related tasks
   - *CDM DB : *CDM Core database
   - *Distributed Cache : *Distributed cache (Carbon cache) used to store 
   retrieve operations
   - *Device APIs : * APIs which will be called by the devices
   - *Device : *An enrolled device (Can be any connected device such as a
   mobile device or an IOT device )

Operation Management can be mainly categorized into 3 areas.

   1. *Add Operations* :
   Device operations can be added by the admins, users via CDM web-console
   or by the policy engine. In this scenario we need to persist the operation
   and applicable device list into the CDM database. Initial status of the
   operations in the database will be set to PENDING. Then we need to put
   these operations into the distributed-operation-cache for fast-retrieval.

   2. *Fetch available Operations* :
   Devices will contact the CDM server to fetching available operations for
   those devices. This is a performance-critical function since it is the
   most-frequently used function in CDM. First CDM Operation Manager will do a
   cache-lookup for fetching the available operations. If that won't succeed
   it will do a database-lookup for available operations. Once the
   operation-manager receives the available operations for that particular
   device, it will remove those operations from the cache  update the status
   of operations to SENT in database.

   *Issues*
   1. How to exactly find whether there are any available operations for a
   particular device without doing a database query? Can't we assume that if
   there's no operation cache-entries for a particular device, there are no
   available operations for that device?
   2. What will be the structure of the operation-cache? Is it a per-device
   cache or single cache for all devices? If it is a single cache what will be
   the key when putting a new operation to the cache?
   3. Since this is a performance critical function is it advisable to
   update the operation status to SENT  within this sequence? Can't we put
   the sent operations to another cache  do the database update from another
   task?

   3. *Update operation status*:
   After the received operations have been executed on the device, device
   will contact the server to update the status of the operation  provide the
   information the operation has requested (i.e. location , temperature,
   status of camera etc). Once the update operation is contacted by the
   device, status of the appropriate operation will be changed to RECEIVED.

   *Issues*
   1. Since a network call per each operation will drain the device battery
   how the device will update the status of multiple operations? Can't the
   agent application use a single network call to update the multiple
   operations?


Given below is the proposed operation management sequence diagram of CDM.

[image: Inline image 1]


Please share your ideas  suggestions upon this.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Additional fields found in iOS mobile device management

2015-02-15 Thread Harshan Liyanage

Hi Dilshan,

Currently the device table in mobile database has following fields.

   - MOBILE_DEVICE_ID
   - REG_ID
   - IMEI
   - IMSI
   - OS_VERSION
   - DEVICE_MODEL
   - VENDOR

When considering iOS platform I think that we can map all other iOS fields
to above fields except for the magic-token  unlock-token. We can map the
push-token to REG_ID field  IMO I think that we can change the column name
to *PUSH_TOKEN*  since it is more generic term than *REG_ID* . For
other two tokens we can use a separate field (if we are storing 2 tokens as
a json string if those records are not frequently accessed) or 2 separate
columns.  In android-platform we have used WIFI Mac address as the
MOBILE_DEVICE_ID.
In your case I guess we'll need a separate column for storing mac address
too.

Since all other device information (device-capacity, bluetooth mac etc)
will be available for all mobile platforms we'll need a generic way to
handle these. I suggest to have a separate field in our device-table like 
*OTHER_INFO* and store all of these other as a json string as those
information will be accessed as a whole.

@Asok : Could you please share the list of fields available in Windows
platform?

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Mon, Feb 16, 2015 at 11:42 AM, Dilshan Edirisuriya dils...@wso2.com
wrote:

 Hi,

 Following are the additional fields found in iOS MDM other than the once
 we find in Android. Since our table structure is little bit tight to
 Android platform it is necessary to identify the extension points to store
 these fields as well along with Windows fields.

 1) Challenge - since iOS get above information in 2 steps it has a
 challenge password embedded in the iOS payload. This is to verify the
 identify of the device together with its UDID.

 2) Product - for this I will be sending this as either iPhone, iPad or
 iPod by looking at sub-strings.

 3) Serial - serial number of the device.

 4) Version - iOS device type.

 5) IMEI - IMEI number. Incase there is no IMEI number it will return empty
 (ie iPad without the sim).

 6) Model - model number of the device.

 7) UDID - mapping to device identifier.

 8) Token, Magic token and unlock token for normal push and MDM push
 notifications.

 After the enrollment using device information command we can fetch the
 device information such as AvailableDeviceCapacity, BluetoothMAC,
 BuildVersion, CarrierSettingsVersion, CurrentCarrierNetwork, CurrentMCC,
 CurrentMNC, DataRoamingEnabled, DeviceCapacity, DeviceName, ICCID, IMEI,
 IsRoaming, Model, ModelName, ModemFirmwareVersion, OSVersion, PhoneNumber,
 Product, ProductName, SIMCarrierNetwork, SIMMCC, SIMMNC, SerialNumber, UDID
 and WiFiMAC.

 Please note that these fields could vary based on the OS version of the
 device.

 We need to make these fields generic which will be helpful for the MDM to
 fetch data accurately in generic manner as well as store them generically
 so that any platform can fit into the existing architecture.


 Regards,

 Dilshan

 --
 Dilshan Edirisuriya
 Senior Software Engineer - WSO2
 Mob: + 94 777878905
 http://wso2.com/
 https://www.linkedin.com/profile/view?id=50486426

___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] OSG level security

2015-02-15 Thread Harshan Liyanage

Hi,

I also agree with Aruna's point. We have to trust the admin users who has
physical access to the system. If those users are malicious users, they can
even bring the entire system down if they want. In such cases I believe
that we don't  have anything to do.

Thanks,

Lakshitha Harshan
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com http://wso2.com/*
lean.enterprise.middleware.

On Sun, Feb 15, 2015 at 8:13 PM, Aruna Karunarathna ar...@wso2.com wrote:



 On Fri, Feb 13, 2015 at 9:39 PM, Godwin Amila Shrimal god...@wso2.com
 wrote:

 Hi,

 Since most of the hacking/fraud happens from the internally this topic
 just came to my mind, Our carbon products don't have OSGI level security,
 As an example, If someone internally in the company knows OSGI then can
 write an OSGI bundle which harm to the system and deploy simply. Shouldn't
 we consider this ? (Apologize if I am asking a question which is not valid)


 AFAIK Most Important Carbon API's are protected using Java Security, So
 the OSGi level security can be achieved using Java Security Manager. But
 from someone who has physical access to the system, we have to trust them.

 One thing we can do is, implement a separate server auditing mechanism
 (which is out of control from devops).




 Thanks
 Godwin

 --
 *Godwin Amila Shrimal*
 Senior Software Engineer
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D http://lnkd.in/KUum6D*
 twitter: https://twitter.com/godwinamila

 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture




 --

 *Aruna Sujith Karunarathna* | Software Engineer
 WSO2, Inc | lean. enterprise. middleware.
 #20, Palm Grove, Colombo 03, Sri Lanka
 Mobile: +94 71 9040362 | Work: +94 112145345
 Email: ar...@wso2.com | Web: www.wso2.com


 ___
 Architecture mailing list
 Architecture@wso2.org
 https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture


___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Moving the OAuth 2.0 Dynamic Client Registration(DCR) feature to WSO2 Identity Server

2016-02-05 Thread Harshan Liyanage

Hi,

Please find my comments inline.

@Roshan, Yes that is the proper way of getting resource data according to
Richardson maturity model for REST APIs.We provide resource ID and do get
to fetch resource.
I think we may add it for users to get data later.
They can change grant types, scopes or app name by logging to management
console. May be later we can support edit application with this web
application.
But as of now we focused on create and delete part only. But definitely we
need to look at edit option as well.
In that case we need to check user name and verify if app owner is edit app
or not. Otherwise anyone can edit other peoples apps.

We have done the same for EMM as well. However when a client invokes DCR
endpoint (POST) for creating a oauth-client, we send the data of the
oauth-client app if one already exists for the same client. I think we can
do the same here.
+1 for adding update API as well. But I think update API will be less
likely to be used as there may be very less use-cases where we need to
update the existing oauth-clients. So I believe you can add it later (In
such extreme cases clients can be updated using Carbon console as Sanjeewa
mentioned).

Registration endpoint may named as oauth2/dcr or oauth2/register.
If you use something like "oauth2/dcr" or "oauth2/register", you will run
into problems for GET and PUT endpoints as the both resource definitions
(dcr and register) does not make any sense when it comes to REST. I suggest
you could use something like "oauth2/client" which is more informative and
has a good resource definition.

Thanks,

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Fri, Feb 5, 2016 at 11:07 AM, Sanjeewa Malalgoda <sanje...@wso2.com>
wrote:

> As we discussed this endpoint will be secured with Basic Auth.
> That means anyone who has login permission can create OAuth application in
> system.
> If need we may add special permission to create OAuth applications.
>
> There is a profile called open registration for OAuth applications but its
> vulnerable to DoS attacks.
> So we must use some form of authentication.
> And spec says previously generated token also can use for this. But IMO it
> will not suitable for our requirement.
>
> @Roshan, Yes that is the proper way of getting resource data according to
> Richardson maturity model for REST APIs.We provide resource ID and do get
> to fetch resource.
> I think we may add it for users to get data later.
> They can change grant types, scopes or app name by logging to management
> console. May be later we can support edit application with this web
> application.
> But as of now we focused on create and delete part only. But definitely we
> need to look at edit option as well.
> In that case we need to check user name and verify if app owner is edit
> app or not. Otherwise anyone can edit other peoples apps.
>
> Registration endpoint may named as oauth2/dcr or oauth2/register.
> @Amila, having register is mandatory for registration URL?
> If we let users to edit/delete as well then having resource name as
> "register" may be bit of confusing.
>
> And most important thing this registration endpoint should secured with
> TLS 1.2 as per spec section 5[
> https://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-30#section-5].
>
> Thanks,
> sanjeewa.
>
>
>
> On Fri, Feb 5, 2016 at 12:34 AM, Amila De Silva <ami...@wso2.com> wrote:
>
>> Hi Tharika,
>>
>> Since *"**saasApp"* is not a common parameter as per the spec, you might
>> have to emphasise the usage of it.
>>
>> Just noticed that in the excerpt you've provided request is sent to a
>> resource named oauthdcr. Better if we can name it as /regsiter to show
>> the conformity with the spec.
>>
>> On Thu, Feb 4, 2016 at 9:52 PM, Tharika Madurapperuma <thar...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are planning of $subject.
>>>
>>> In some use cases, it is desirable or necessary to allow OAuth clients
>>> to obtain authorization from an authorization server without the two
>>> parties having previously interacted. Therefore in order for the
>>> authorization server to accurately represent to end users which client is
>>> seeking authorization to access the end user’s resources, a method for
>>> automatic and unique registration of clients is needed. This is where the
>>> Dynamic Client Registration protocol comes into play.
>>>
>>> The RFC related to this feature can be found in [1]
>>>
>>> *Problem*
>>>
>>&

Re: [Architecture] [EMM] Android agent auto enrollment

2016-01-27 Thread Harshan Liyanage

Hi,

Is the service app signed by the vendor? if it so why don't we use the
service app to get the serial number?

Good point. I think that should be possible. If so we can skip steps 6 and
7.

Thanks,

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Thu, Jan 28, 2016 at 11:05 AM, Chathura Dilan <chathu...@wso2.com> wrote:

> Hi Inosh,
>
> Could you explain why do you need connect it with the computer to retrieve
> the serial number?
> Is the service app signed by the vendor? if it so why don't we use the
> service app to get the serial number?
>
> On Thu, Jan 28, 2016 at 10:34 AM, Harshan Liyanage <hars...@wso2.com>
> wrote:
>
>> Hi Inosh,
>>
>> In the step 11, you have mentioned that the device sends authentication
>> request, generate access and refresh tokens and send it to device. However
>> you need client credentials (client key, secret) in-order to generate
>> access tokens. How are you planing to get these client credentials prior to
>> generating access tokens? In the existing EMM implementation we use
>> Dynamic-client-registration to do that. I think we can use the same here.
>> However we need to modify the flow diagram to reflect that.
>>
>> Thanks.
>>
>> Harshan Liyanage
>> Software Engineer
>> Mobile: *+94724423048*
>> Email: hars...@wso2.com
>> Blog : http://harshanliyanage.blogspot.com/
>> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
>> lean.enterprise.middleware.
>>
>> On Tue, Jan 26, 2016 at 2:07 PM, Inosh Perera <ino...@wso2.com> wrote:
>>
>>> Hi Milan,
>>>
>>> +1 Cant we use an embedded QR code reader or some other way to retrieve
>>> this token?
>>> Using QR code is possible and it would make the process usable in all
>>> many platforms oppose to ADB where only Android is able to work with.
>>> Although when it comes to COPE scenario, mostly it is Android devices and
>>> it is a set of known devices so we can assume the driver change is not much
>>> of a concern. So under the above assumption at the time of device getting
>>> connected, we can think the drivers are already installed, which makes it
>>> much easier to enroll because the user only needs to plugin the device. In
>>> BYOP/CYOD scenario, this can be problematic.
>>>
>>> Regards,
>>> Inosh
>>>
>>>
>>> On Tue, Jan 26, 2016 at 12:29 PM, Milan Perera <mi...@wso2.com> wrote:
>>>
>>>> Hi Inosh,
>>>>
>>>> My concerns for the above proposed method as follows.
>>>>
>>>> AFAIU, in here what we are trying to do is to minimize the user
>>>> interaction with the device as much as possible for the auto enrolment
>>>> scenario.
>>>> However according to above method, user should have to connect the
>>>> device to a machine and has to run a script as well, hence it needs more
>>>> interaction.
>>>> Also, if we use ADB for this, there may be instance where PC does not
>>>> recognize the device, which ends up manually installing drivers and etc.
>>>>
>>>> Why do we have to use ADB in order to do this?
>>>>
>>>> Cant we use an embedded QR code reader or some other way to retrieve
>>>> this token?
>>>>
>>>> Regards,
>>>>
>>>> --
>>>> *Milan Perera *| Software Engineer
>>>> WSO2, Inc | lean. enterprise. middleware.
>>>> #20, Palm Grove, Colombo 03, Sri Lanka
>>>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>>>> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
>>>> <http://lk.linkedin.com/in/milanharinduperera>
>>>>
>>>> ___
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Inosh Perera
>>> Software Engineer, WSO2 Inc.
>>> Tel: 077813 7285, 0785293686
>>>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Regards,
>
> Chatura Dilan Perera
> *Senior Software Engineer** - WSO2 Inc.*
> www.dilan.me
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] [EMM] Enabling application white listing and application blacklisting support

2016-02-01 Thread Harshan Liyanage

Hi Inosh,

There may be some cases where enterprises need to have application policies
for individual users. But I think that scenario is very unlikely. If we
take an organization, every user will map to one or more user-roles. There
might be situations where a role has only one user (i.e like CEO, MD).  But
still we can achieve it via the application policies for user-roles.

Thanks,

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Tue, Feb 2, 2016 at 9:37 AM, Inosh Perera <ino...@wso2.com> wrote:

> Hi all,
>
> Role based application restriction will be provided. Administrator will
> define a list of applications as a black list and a set of roles which is
> to be restricted to the application, along with the applications.
> Is there any particular reason for not having application policies for
> individual users?
>
> Regards,
> Inosh
>
> On Mon, Feb 1, 2016 at 11:05 PM, Prabath Abeysekera <praba...@wso2.com>
> wrote:
>
>>
>> On Mon, Feb 1, 2016 at 6:14 PM, Kasun Dananjaya Delgolla <kas...@wso2.com
>> > wrote:
>>
>>> Hi Lakshman,
>>>
>>> In terms of Android you can use blocking APIs[1] in Marshmallow SDK (SDK
>>> 23) to achieve this. We already use DevicePolicyManager API so you can
>>> straightaway add these new stuff into the same android agent API layer.
>>> Also for older API levels ( < 23) earlier we used a mechanism just to warn
>>> the user if a blacklisted app is installed on the device since blocking of
>>> apps is not supported in those API levels.
>>>
>>
>> We might need to dig slightly deep into some of the APIs around and see
>> if we've already got anything to mimic what's done in DevicePolicyManager,
>> which is part of Marshmallow SDK; in previous versions of Android SDK. So,
>> please check if there's any mechanism that'd potentially allow us to go
>> beyond merely warning the user when a blacklisted application is installed
>> and then block the installation completely particularly targeting SDKs < 23.
>>
>> Cheers,
>> Prabath
>>
>>
>>>
>>> One more thing, we can add this to the system app which I'm in the
>>> process of building. Then we can enable COPE (rooted/system access granted)
>>> devices to blacklist/whitelist apps even though the API level is < 23.
>>>
>>> [1] -
>>> http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html
>>>
>>> Thanks
>>>
>>> On Mon, Feb 1, 2016 at 5:50 PM, Lakshman Udayakantha <lakshm...@wso2.com
>>> > wrote:
>>>
>>>> Hi,
>>>>
>>>> There is a requirement to implement application white listing and
>>>> application black listing support in Enterprise Mobility Manager.
>>>> Application white listing means creating a list of applications which are
>>>> only allowed to run on mobile devices which are connected to EMM.
>>>> Application blacklisting is the opposite meaning in which there is a list
>>>> of applications which are only not allowed to run on mobile devices which
>>>> connected to EMM.
>>>> As a solution for this we thought to introduce a configuration to
>>>> identify black listing, white listing enabled or not and exactly which
>>>> listing is enabled and If each configuration enabled separately EMM will
>>>> behave in following manner.
>>>>
>>>> If ABL enabled,
>>>>
>>>> Role based application restriction will be provided. Administrator will
>>>> define a list of applications as a black list and a set of roles which is
>>>> to be restricted to the application, along with the applications.
>>>>
>>>> If AWL enabled,
>>>>
>>>> Administrator will check specific list of applications from admin UI.
>>>> Only these applications will load on app store. Other means of applications
>>>> installing will be blocked.
>>>> 1. Blocking side-loading.
>>>> 2. Third party app store blocking except EMM app store.
>>>> 3. Google Play app blocking
>>>>
>>>> Any suggestions and thoughts are highly appreciated.
>>>>
>>>> Thanks
>>>> --
>>>> Lakshman Udayakantha
>>>> WSO2 Inc. www.wso2.com
>>>> lean.enterprise.middleware
>>>> Mobile: *0714388124 <0714388124>*
>>>>

Re: [Architecture] [EMM] Android agent auto enrollment

2016-01-27 Thread Harshan Liyanage

Hi Inosh,

In the step 11, you have mentioned that the device sends authentication
request, generate access and refresh tokens and send it to device. However
you need client credentials (client key, secret) in-order to generate
access tokens. How are you planing to get these client credentials prior to
generating access tokens? In the existing EMM implementation we use
Dynamic-client-registration to do that. I think we can use the same here.
However we need to modify the flow diagram to reflect that.

Thanks.

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Tue, Jan 26, 2016 at 2:07 PM, Inosh Perera <ino...@wso2.com> wrote:

> Hi Milan,
>
> +1 Cant we use an embedded QR code reader or some other way to retrieve
> this token?
> Using QR code is possible and it would make the process usable in all many
> platforms oppose to ADB where only Android is able to work with. Although
> when it comes to COPE scenario, mostly it is Android devices and it is a
> set of known devices so we can assume the driver change is not much of a
> concern. So under the above assumption at the time of device getting
> connected, we can think the drivers are already installed, which makes it
> much easier to enroll because the user only needs to plugin the device. In
> BYOP/CYOD scenario, this can be problematic.
>
> Regards,
> Inosh
>
>
> On Tue, Jan 26, 2016 at 12:29 PM, Milan Perera <mi...@wso2.com> wrote:
>
>> Hi Inosh,
>>
>> My concerns for the above proposed method as follows.
>>
>> AFAIU, in here what we are trying to do is to minimize the user
>> interaction with the device as much as possible for the auto enrolment
>> scenario.
>> However according to above method, user should have to connect the device
>> to a machine and has to run a script as well, hence it needs more
>> interaction.
>> Also, if we use ADB for this, there may be instance where PC does not
>> recognize the device, which ends up manually installing drivers and etc.
>>
>> Why do we have to use ADB in order to do this?
>>
>> Cant we use an embedded QR code reader or some other way to retrieve this
>> token?
>>
>> Regards,
>>
>> --
>> *Milan Perera *| Software Engineer
>> WSO2, Inc | lean. enterprise. middleware.
>> #20, Palm Grove, Colombo 03, Sri Lanka
>> Mobile: +94 77 309 7088 | Work: +94 11 214 5345
>> Email: mi...@wso2.com <ar...@wso2.com> | Web: www.wso2.com
>> <http://lk.linkedin.com/in/milanharinduperera>
>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Inosh Perera
> Software Engineer, WSO2 Inc.
> Tel: 077813 7285, 0785293686
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Circuit Breaker Pattern for MSF4J

2016-03-30 Thread Harshan Liyanage

Hi Azeez,

Does this timeout in open state occurs in exponentially (first timeout in
10 secs, next in 20 secs etc) or linearly when transitioning back to
half-open state? For example if the state is in "Open" and now the timeout
(lets say 10secs timeout) occurs. Then the state is moved to "half-open"
state. But the next request is also a failure and breaker state is moved
back to "open". In this occasion the what will be the timeout value? Is it
10 secs or 20 secs?

Having an exponential timeout might be beneficiary here as it might save
lot of resources if the service is continuously failing. But I think it
would be better if we can provide both options in a configurable manner. So
it is up to the developer to decide which method to use.

Thanks,

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Wed, Mar 30, 2016 at 5:05 AM, Afkham Azeez <az...@wso2.com> wrote:

> I have written a sample which demonstrates circuit breaker in action;
> http://blog.afkham.org/2016/03/microservices-circuit-breaker.html
>
> On Sat, Mar 12, 2016 at 6:09 PM, Afkham Azeez <az...@wso2.com> wrote:
>
>> This is a feature supported by some microservices frameworks. On the
>> server side, in this case MSF4J runtime, failure counts are kept track of
>> and then if the failures exceed certain thresholds, the circuit trips and
>> rather than dispatch to the service, it returns service unavailable.
>>
>> Can you explain why this is not needed in a container environment?
>>
>> On Sat, Mar 12, 2016 at 12:56 PM, Sanjiva Weerawarana <sanj...@wso2.com>
>> wrote:
>>
>>> I don't understand what server side circuit breaker means. How does the
>>> server adjust itself? Where's that bit of logic running?
>>>
>>> IMO this is not needed in a container world.
>>>
>>> On Fri, Mar 11, 2016 at 4:38 PM, Afkham Azeez <az...@wso2.com> wrote:
>>>
>>>> Yes, that is client side circuit breaker. What Aruna is implementing is
>>>> server side circuit breaker. Yes, we need both.
>>>>
>>>> On Fri, Mar 11, 2016 at 4:04 PM, Lakmal Warusawithana <lak...@wso2.com>
>>>> wrote:
>>>>
>>>>> Did you looked at [1]
>>>>>
>>>>> Netflix Hystrix <https://github.com/Netflix/Hystrix> is an incredibly
>>>>> useful library for writing code that invokes remote services. Hystrix 
>>>>> times
>>>>> out calls that exceed the specified threshold. It implements a *circuit
>>>>> breaker* pattern, which stops the client from waiting needlessly for
>>>>> an unresponsive service. If the error rate for a service exceeds a
>>>>> specified threshold, Hystrix trips the circuit breaker and all requests
>>>>> will fail immediately for a specified period of time. Hystrix lets you
>>>>> define a fallback action when a request fails, such as reading from a 
>>>>> cache
>>>>> or returning a default value. If you are using the JVM you should
>>>>> definitely consider using Hystrix.
>>>>>
>>>>> [1] https://github.com/Netflix/Hystrix
>>>>>
>>>>> On Fri, Mar 11, 2016 at 2:42 PM, Aruna Karunarathna <ar...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi Devs,
>>>>>>
>>>>>> *Scenario*
>>>>>>
>>>>>> The deployed services in a MSF4J may fail to serve the requests due
>>>>>> to various factors. e.g,
>>>>>> 1. Less resources in the server.
>>>>>> 2. High Load in the server
>>>>>> 3, Some services take more time to respond etc.
>>>>>>
>>>>>> In this kind of a situation, if the server is getting requests though
>>>>>> there is no resources to serve those requests, and eventually the server
>>>>>> will get unusable.
>>>>>>
>>>>>> *Solution*
>>>>>>
>>>>>> The Circuit Breaker design pattern can save the server from above
>>>>>> scenarios, The typical design can be illustrated as in the following
>>>>>> diagram.
>>>>>>
>>>>>>
>>>>>> So as in the above diagram, when number of failures of a particular
>>>>>> resource exceeds the Max Failure Count, then the state of that resource 
>

Re: [Architecture] [CDMF] [EMM 2.1.0] Basic Use-cases for Dashboard Analytics Feature

2016-03-30 Thread Harshan Liyanage

Hi Dilan,

Should n't we include some performance related dashboard as well? For
example we can show no of connected devices per second, average response
times,  logged in user-count etc. I think it may not be feasible at this
moment. But we can include such a dashboard in the next release. That'll be
a nice feature to have.

Thanks,

Harshan Liyanage
Software Engineer
Mobile: *+94724423048*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Wed, Mar 30, 2016 at 7:08 AM, Dilan Udara Ariyaratne <dil...@wso2.com>
wrote:

> Hi Hasunie,
>
> Yes, Most of the use-cases that you have pointed out here are of-course
> currently on consideration under
> application related analytics. Not only "applications" related, but also
> "user" and "policy" related use-cases are currently on review.
>
> I will update the thread ASAP on such requirements once they are sort of
> finalyzed.
>
> Thanks,
> Dilan.
>
>
>
>
>
>
> *Dilan U. Ariyaratne*
> Software Engineer
> WSO2 Inc. <http://wso2.com/>
> Mobile: +94766405580 <%2B94766405580>
> lean . enterprise . middleware
>
>
> On Tue, Mar 29, 2016 at 10:51 PM, Hasunie Adikari <hasu...@wso2.com>
> wrote:
>
>> Hi Dilan,
>>
>> It should be add app related analytics like
>>
>> 1. Blacklisted app count
>> 2. Recently updated app count
>> 3. Recommended app count
>> 4. Total device count not having latest app version.
>> 5. App usage based on the platform, platform version
>> 6. Most frequently used applications.
>> 7. Application crash scenarios.
>>
>>
>> On Tue, Mar 29, 2016 at 6:47 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
>> wrote:
>>
>>> Hi Geeth,
>>>
>>> Currently there is a plan to show device counts based on user defined
>>> custom groups in EMM snapshot dashboard.
>>> This is in addition to the platform based and ownership based default
>>> grouping of devices.
>>>
>>> However, we may have to postpone plans on showing device counts based on
>>> "INACTIVE", "BLOCKED" and "UNREACHABLE" states as
>>> back-end support for maintaining such states are not yet available.
>>>
>>> Regards,
>>> Dilan.
>>>
>>>
>>>
>>>
>>>
>>> *Dilan U. Ariyaratne*
>>> Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94766405580 <%2B94766405580>
>>> lean . enterprise . middleware
>>>
>>>
>>> On Fri, Feb 12, 2016 at 10:27 AM, Geeth Munasinghe <ge...@wso2.com>
>>> wrote:
>>>
>>>> Hi Dilan,
>>>>
>>>> We may have to include the following too.
>>>>
>>>>1. Device count by groups,
>>>>2. Device groups
>>>>3. Active/Inactive devices
>>>>4. Blocked/Removed devices
>>>>5. Unreachable devices
>>>>6. Number of enrolled devices within give time frame (new devices
>>>>added)
>>>>
>>>> Thanks
>>>> Geeth
>>>>
>>>>
>>>> *G. K. S. Munasinghe*
>>>> *Senior Software Engineer,*
>>>> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
>>>> *lean.enterprise.middleware.*
>>>>
>>>> email: ge...@wso2.com
>>>> phone:(+94) 777911226
>>>>
>>>> On Fri, Feb 12, 2016 at 10:17 AM, Dilan Udara Ariyaratne <
>>>> dil...@wso2.com> wrote:
>>>>
>>>>> Hi All,
>>>>>
>>>>> For the upcoming EMM 2.1.0 release, we have identified following basic
>>>>> use-cases for
>>>>> the Dashboard Analytics Feature with respect to devices.
>>>>>
>>>>> [1] Device count by Platform
>>>>> [2] Device count by Ownership (BYOD, COPE)
>>>>> [3] Device count by Security Concerns
>>>>>  - unmanaged (Meaning no policies currently assigned to the device)
>>>>>  - non-compliant (Meaning a policy has been already assigned, but
>>>>> its rules have been maliciously overridden by some other third party)
>>>>>  - no passcode
>>>>>  - no encryption
>>>>> [4] Last Seen Overview - Devices seen in last 8 hours
>>>>>  Last Seen Breakdown - Devices seen by dates (0-5, 5-15, 15-30,
>>>>> >30)
>>>>

Re: [Architecture] [IoT] Load Distribution for Device + Server Communication.

2017-03-01 Thread Harshan Liyanage

Hi all,

Currently the bottleneck happens at getPendingOperations API. That method
takes a while to be executed as it involves both fetching the next
operations & updating the status of completed operations. The complete
getPendingOperations flow has more than 5 database calls (as I remember)
including a DB update. Hence most of the execution time would be spending
on DB queries. A proper distribution of load might help us to safeguard
server from sudden bursts for some extent. But IMO I think we should be
also focusing on making getPendingOperations flow more efficient so that
each device spends a lesser time in executing getPendingOperations API. For
that we'll have to use queues for both ways (fetching / updating) so that
we could fetch / update data from in-memory queue rather than from DB which
is more efficient. Hence +1 for using Queues.

Thanks,


Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Thu, Mar 2, 2017 at 12:10 PM, Kamidu Punchihewa <sachi...@wso2.com>
wrote:

> Hi All,
>
> Queuing the in and out communications seems to be the best option other
> than handling the loading using times outs. But we need to come up with the
> priority order when its come to the communication which is time sensitive
> temperature monitoring in fire alarm etc.
>
> +1 for utilizing queues for communications going both ways.
>
> Thanks and Best Regards,
>
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.
> lean . enterprise . middleware
> Mobile : +94 (0) 770566749 <%2B94%20%280%29%20773%20451194>
>
> Please Note that I have dyslexia and it may results in few misspelled
> words in the content.
>
> Disclaimer: This communication may contain privileged or other
> confidential information and is intended exclusively for the addressee/s.
> If you are not the intended recipient/s, or believe that you may have
> received this communication in error, please reply to the sender indicating
> that fact and delete the copy you received and in addition, you should not
> print, copy, retransmit, disseminate, or otherwise use the information
> contained in this communication. Internet communications cannot be
> guaranteed to be timely, secure, error or virus-free. The sender does not
> accept liability for any errors or omissions.
>
> On Tue, Feb 28, 2017 at 7:41 AM, Charitha Goonetilleke <charit...@wso2.com
> > wrote:
>
>> Hi All,
>>
>> I think it is better to have a solution which could be implemented in
>> server side to distribute operations among devices. Because as we know
>> device agents in IoTS devices are different to each other. In according to
>> our architecture, we are letting anyone to write their own device types as
>> well as the agents. Also we don't have our own agent for windows devices
>> but using default windows workspace configurations to provide MDM. So
>> implementing agent side solution would be more complex for some device
>> types and will not move forward with all device types.
>>
>> Anyway as according what to suggested by Geeth & Menaka, we could use
>> batch processing in server side to deliver operation to device batches
>> rather than sending it to all devices. So we can use operation queue to
>> deliver operations periodically to device batches. However we need to
>> figure out few more things in there.
>>
>>
>>1. How we figure out optimum number of devices we should call in a
>>batch?
>>2. What is the time span of delivering operation to all target
>>devices?
>>3. What we do if someone want to send operation immediately?
>>4. Can we assure guaranteed delivery and can avoid repeated
>>operations?
>>
>> For 1 & 2, we could use configuration to provide capability to set size
>> of a batch and time span. However for 3, we need to have additional option
>> to send operations immediately, probably using a priority queue. Also when
>> it comes to 4, we need to keep records about the operations we have
>> delivered and would be enough to add one additional operation status like
>> "Queued". So we can change operation status to pending, when operation is
>> delivered.
>>
>> WDYT?
>>
>> Thanks & Regards,
>> /charithag
>>
>> On Tue, Feb 28, 2017 at 12:39 AM, Menaka Jayawardena <men...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> IMO we can send a timeout with the operation which, once the operation/
>>> notification is received by the device, it waits for the given tim

Re: [Architecture] Feature Management of IoT Server

2016-11-02 Thread Harshan Liyanage

Hi Ayyoob,

That was the my concern as well. However we can consider the device-model
instead of the device instance because ultimately all the supported
features of a device will be dictated by the device model & vendor. By that
way we can avoid lots of duplicate data. We can get this information from
the device instance while it's enrolling as you have suggested. Then we can
insert it to the tables only if that device model does not exists in the
database.

Thanks,

Harshan Liyanage
EMM/IoT TG
WSO2

On Nov 2, 2016 10:03 PM, "Ayyoob Hamza" <ayy...@wso2.com> wrote:

> I had an offline discussion and got an explanation from chathuraD.
>
> The problem here could be explained with a simple use case: Android has a
> set of features but an instance of an android device doesn't have the
> feature that is definied in the device type definition(eg: *Android OS
> supports enabling/disabling fingerprint but the smart phone hardware
> doesn't have a fingerprint scanner*).
>
> In our current implementation we don't support this. This is because we
> have assumed that the device type has a set of feature and it is available
> across all the instances. Therefore in the current approach when we send an
> operation to a device and if the device doesn't support it then it sends a
> feedback. This is not a synchronous flow and the user does not get a
> realtime feedback whether the operation can be executed on the device or
> not.
>
> However to solve this issue what we have todo is to maintain information
> about the features a device(an instance) supports, This information can be
> sent from the device when it enrolls/updates. In addition we need some form
> of a compliance check to see whether the device has the particular feature
> before sending this operation to the device. Implementing above requirement
> will provide a good feed back mechanism to the user.
>
> @Chathura, In CDMF context we have defined that features is some thing
> that we operate to. Sending read operation from server to device would be
> just one use case but it doesn't need to be always, device can be
> programmed to push data for a given interval or set a policy and trigger
> with a conditional push. Therefore IMHO I think we need a separation.
> Please correct me if I am wrong.
>
> Thanks,
> Ayyoob
>
> *Ayyoob Hamza*
> *Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>
> On Wed, Nov 2, 2016 at 3:44 PM, Chathura Ekanayake <chath...@wso2.com>
> wrote:
>
>> Yes.. in the feature definition xml I sketched out, there are multiple
>> criteria under  tag.
>>
>> On Wed, Nov 2, 2016 at 2:55 PM, Chathura Dilan <chathu...@wso2.com>
>> wrote:
>>
>>> Hi Chathura,
>>>
>>> How about having multiple criteria under one feature so we can better
>>> address all the scenarios.
>>>
>>>
>>> On Wed, Nov 2, 2016 at 12:36 PM, Chathura Ekanayake <chath...@wso2.com>
>>> wrote:
>>>
>>>> Regarding sensors, we can consider them as features, where the action
>>>> they support is "read value". If we are using polling method to trigger
>>>> operations, read operation can have a parameter with an endpoint to send
>>>> sensor reading.
>>>>
>>>> - Chathura
>>>>
>>>> On Wed, Nov 2, 2016 at 12:30 PM, Chathura Ekanayake <chath...@wso2.com>
>>>> wrote:
>>>>
>>>>> I think we can define a feature (or an operation) with:
>>>>>
>>>>> A) Feature code - to identify the feature
>>>>> B) Filtering criteria - to identify devices which can perform the
>>>>> operation
>>>>> C) Operation parameters - Additional details needed by the operation
>>>>>
>>>>> Restriction criteria such as device type, group ID, device version
>>>>> (better a range of versions) can come under B. So whenever an operation is
>>>>> invoked, IOT platform should evaluate device details against B and decide
>>>>> whether to permit the operation. If permitted, it can get C from the user
>>>>> (or from an external system) and add an operation record in DB with A and 
>>>>> C
>>>>> against the device ID.
>>>>>
>>>>> With this we can use feature schema similar to what Ruwan has proposed:
>>>>>
>>>>> 
>>>>> 
>>>>> abc
>>>>> this is a feature
>>>>> 
>>>>> DT1
>>

Re: [Architecture] Feature Management of IoT Server

2016-11-02 Thread Harshan Liyanage

Hi Ayyoob,

Yes you are correct. But I took the barometer as an example. However there
may be real scenarios where some devices does not have GPS so that we can't
access the location info. In such cases we need to disable "Location"
operation for those devices.

Thanks,

Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Wed, Nov 2, 2016 at 10:07 AM, Ayyoob Hamza <ayy...@wso2.com> wrote:

> @Harshan, sensors are not part of features(correct me if I am wrong), This
> is why there was a requirement raised for sensor management as part of
> device management and we had an implementation to support this(from shabir)
> which is not merged yet.
>
> [1] https://github.com/wso2/carbon-device-mgt/pull/407
> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-device-mgt%2Fpull%2F407=D=1=AFQjCNGLqXZzNEVnTBLB5rugQeJWfFmnNQ>
> [2] https://github.com/wso2/carbon-device-mgt-plugins/pull/394
> <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fcarbon-device-mgt-plugins%2Fpull%2F394=D=1=AFQjCNFHWDeJJW5WCMCeENFnDo6271makQ>
>
>
> *Ayyoob Hamza*
> *Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>
> On Wed, Nov 2, 2016 at 9:54 AM, Harshan Liyanage <hars...@wso2.com> wrote:
>
>> Hi Dilan,
>>
>> +1 for the idea. But we also need to consider the device model when comes
>> to the features. For example there may be Android devices where some
>> sensors like barometer is not present. This will be mostly applicable to
>> the mobile device types because IOT devices will have their own plugin
>> independent of the device model (correct me if I'm wrong).
>>
>> Thanks,
>>
>> Harshan Liyanage
>> EMM/IoT TG
>> Mobile: *+94765672894*
>> Email: hars...@wso2.com
>> Blog : http://harshanliyanage.blogspot.com/
>> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
>> lean.enterprise.middleware.
>>
>> On Wed, Nov 2, 2016 at 9:14 AM, Jasintha Dasanayake <jasin...@wso2.com>
>> wrote:
>>
>>> Hi All
>>>
>>> Yes.. , engaging with a plugin repository like eclipse vorto would be
>>> great idea for IOT , we can provide set of extension point (we may already
>>> have)  where custom plugins can be plugged in
>>>
>>>
>>> Thanks
>>> /Jasintha
>>>
>>> On Wed, Nov 2, 2016 at 7:53 AM, Ruwan Yatawara <ruw...@wso2.com> wrote:
>>>
>>>>
>>>> On Wed, Nov 2, 2016 at 7:23 AM, Ayyoob Hamza <ayy...@wso2.com> wrote:
>>>>
>>>>> different
>>>>
>>>>
>>>> I am with Ayyoob in that the term "feature" sounds very much something
>>>> from the mobile world. But if you think about it, any functionality that a
>>>> user sees on the dashboard of a device type is a feature. So I am +1 for
>>>> bringing feature definition down to the mobile plugin in form like.
>>>>
>>>> 
>>>> 
>>>> abc
>>>> 5.0.0
>>>> this is a feature
>>>> 
>>>> place_holder
>>>> place_holder
>>>> place_holder
>>>> 
>>>> 
>>>> 
>>>>
>>>> But somewhere down the line when it comes to orchestrating device 
>>>> integration flows, we most definitely as Ayyoob mentioned, have to take a 
>>>> look at Vorto... which is very cool IMO.
>>>>
>>>>
>>>> Thanks and Regards,
>>>>
>>>> Ruwan Yatawara
>>>>
>>>> Associate Technical Lead,
>>>> WSO2 Inc.
>>>>
>>>> email : ruw...@wso2.com
>>>> mobile : +94 77 9110413
>>>> blog : http://ruwansrants.blogspot.com/
>>>>   https://500px.com/ruwan_ace
>>>> www: :http://wso2.com
>>>>
>>>>
>>>
>>>
>>> --
>>>
>>> *Jasintha Dasanayake**Associate Technical Lead*
>>>
>>> *WSO2 Inc. | http://wso2.com <http://wso2.com/>lean . enterprise .
>>> middleware*
>>>
>>>
>>> *mobile :- 0711-368-118*
>>>
>>
>>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Feature Management of IoT Server

2016-11-02 Thread Harshan Liyanage

Hi Dilan,

+1 for the idea. But we also need to consider the device model when comes
to the features. For example there may be Android devices where some
sensors like barometer is not present. This will be mostly applicable to
the mobile device types because IOT devices will have their own plugin
independent of the device model (correct me if I'm wrong).

Thanks,

Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Wed, Nov 2, 2016 at 9:14 AM, Jasintha Dasanayake <jasin...@wso2.com>
wrote:

> Hi All
>
> Yes.. , engaging with a plugin repository like eclipse vorto would be
> great idea for IOT , we can provide set of extension point (we may already
> have)  where custom plugins can be plugged in
>
>
> Thanks
> /Jasintha
>
> On Wed, Nov 2, 2016 at 7:53 AM, Ruwan Yatawara <ruw...@wso2.com> wrote:
>
>>
>> On Wed, Nov 2, 2016 at 7:23 AM, Ayyoob Hamza <ayy...@wso2.com> wrote:
>>
>>> different
>>
>>
>> I am with Ayyoob in that the term "feature" sounds very much something
>> from the mobile world. But if you think about it, any functionality that a
>> user sees on the dashboard of a device type is a feature. So I am +1 for
>> bringing feature definition down to the mobile plugin in form like.
>>
>> 
>> 
>> abc
>> 5.0.0
>> this is a feature
>> 
>> place_holder
>> place_holder
>> place_holder
>> 
>> 
>> 
>>
>> But somewhere down the line when it comes to orchestrating device 
>> integration flows, we most definitely as Ayyoob mentioned, have to take a 
>> look at Vorto... which is very cool IMO.
>>
>>
>> Thanks and Regards,
>>
>> Ruwan Yatawara
>>
>> Associate Technical Lead,
>> WSO2 Inc.
>>
>> email : ruw...@wso2.com
>> mobile : +94 77 9110413
>> blog : http://ruwansrants.blogspot.com/
>>   https://500px.com/ruwan_ace
>> www: :http://wso2.com
>>
>>
>
>
> --
>
> *Jasintha Dasanayake**Associate Technical Lead*
>
> *WSO2 Inc. | http://wso2.com <http://wso2.com/>lean . enterprise .
> middleware*
>
>
> *mobile :- 0711-368-118*
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

[Architecture] [Dev] [VOTE] Release WSO2 Enterprise Mobility Manager 2.2.0 RC2

2016-11-29 Thread Harshan Liyanage

Hi Devs,

This is the release candidate of WSO2 Enterprise Mobility Manager 2.2.0.

Please download EMM 2.2.0 RC2 and test the functionality and vote. Vote
will be open for 72 hours or as needed.
Know issues: https://wso2.org/jira/issues/?filter=13384
Fixes provided : https://wso2.org/jira/issues/?filter=13582
<https://wso2.org/jira/issues/?filter=13582>

Source & binary distribution files:
https://github.com/wso2/product-emm/releases/tag/v2.2.0-RC2

The tag to be voted upon:
https://github.com/wso2/product-emm/tree/release-2.2.0-RC2


[+] Stable - go ahead and release
[-]  Broken - do not release (explain why)

Thanks and Regards,


Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] FCM for Android

2016-11-30 Thread Harshan Liyanage

Hi Pasindu,

It was the mechanism we have used in EMM 1.1.0 with GCM. But AFAIK the
intention of GCM or FCM or anyother notification service (i.e APNS) is to
just send the wakeup call to the device. That's the reason behind we have
changed our implementation (from EMM 2.0.0 onwards) to send only the wakeup
call.

Thanks,

Harshan Liyanage
EMM/IoT TG
WSO2

On Dec 1, 2016 9:54 AM, "Pasindu Upulwan" <pasindujw...@cse.mrt.ac.lk>
wrote:

> Hi Inosh,
>
> Instead of letting the app to fetch the operation from the IoT/EMM server
> (step 7 in the diagram), is it possible to attach the operation information
> also in the wakeup message itself? The FCM size limit of 4096 bytes will be
> enough to attach most of the basic operation payloads such as ring
> operation, mute operation, etc. That will reduce the amount of
> communications the app needs to do with the sever to execute an operation.
> Perhaps after doing the operation, the app may send a 'delivery report' to
> the IoT/EMM server if the delivery report of FCM is not enough to prove the
> completion of the operation sent to the app.
>
> Thanks.
>
> On 30 November 2016 at 22:58, Inosh Perera <ino...@wso2.com> wrote:
>
> >
>
> > Hi Dilan,
> >
> > [1] Are we bringing FCM as a replacement for GCM or as another Push
> Notification Mechanism that can be enabled apart from GCM ?
>
> >>
>
> >> FCM is a replacement for GCM. With deprecation of GCM(1), we have moved
> to FCM.
> >
> >
> > [2] If as a replacement, what advantages are there with FCM over GCM ?
>
> >>
>
> >> Firebase platform has more features compared to GCM(2) which we can be
> utilised in the future for example crash reporting.
>
>
> >>
> >> FCM has an improved message delivery speed which is said to be 95% of
> total messages be delivered within 250ms(3)
> >> Firebase is cross platform(4)
>
>
> >>
> >>
> >
> > [3] When it comes to Google-services.json, It seems that it is required
> to obtain a separate Google-services.json + FCM server token per each
> production deployment and
> >  compile the agent embedding this file. If that's the case here,
> cannot we achieve the same without letting a user to compile the source ?
> >  Each customer need to compile the agent and have this file
> available in the root directory as mandated by Google(5). If this is not
> available, Android studio will not allow you to compile the agent/any other
> app that uses FCM.
> >
> >  what if the device could retrieve this file at the time of enrollment
> with the server and we provide this configuration to the server via
> platform configurations ?
>
>
> >>
> >> Since this is in source folder, the original json file need to be
> available at compile time and we cannot replace it on-the-fly at runtime.
> >
> >
> > [4] And at last a general question, architecturally, how FCM differs
> from GCM ?
> >  As mentioned main differences is in client side. Earlier we defined
> a key called the sender ID in the platform configurations and this was
> delivered to the device after authentication. With this ID, we initiated
> registration with GCM server. However with FCM, there is no sender ID, but
> all the configurations are stored in a json file we discussed earlier and
> at the time of app's first initialisation, token retrieval will happen
> automatically. This token is now called FCM instance ID token which was
> earlier known as the GCM registration ID. Google has also replaced the
> earlier "API key" which was used to invoke GCM server with "firebase cloud
> messaging token" to establish the link with FCM server. FCM instance ID
> token is provided instead of GCM registration ID when communicating with
> FCM server.
> >
> > (1). https://developers.google.com/cloud-messaging/android/legacy-regid#
> registration-state-sync-handling
> > (2). https://firebase.google.com/features/
> > (3). https://www.youtube.com/watch?v=sioEY4tWmLI
> > (4). https://firebase.google.com/docs/cloud-messaging/
> > (5). https://firebase.google.com/docs/android/setup
> >
> > Regards,
> > Inosh
> >
> > On Wed, Nov 30, 2016 at 9:25 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
> wrote:
>
> >>
>
> >> Hi Inosh and All,
> >>
> >> Having following questions regarding this feature and the enabling
> technology :
> >>
> >> [1] Are we bringing FCM as a replacement for GCM or as another Push
> Notification Mechanism that can be enabled apart from GCM ?
> >> [2] If as a replacement, what advantages are there wit

Re: [Architecture] [IoT] Simplifying IoT device type plugin with a descriptor

2016-11-30 Thread Harshan Liyanage

Hi Ayyoob,

There are some instances where we need to cater plugin-specific
functionalities which can't be achieved through a boiler-plate
implementation. This behavior can be seen in mostly mobile-device plugins.
For most of the times we don't need specific internal implementation. For
example sometimes we need to store some device data in plugin database
table and fetch it using a specific query. How are we planning to move
forward in such scenarios? Can this deployer generate tables other than
device table and feature table? If not I suggest to add following
capabilities to the deployer model.

   - Ability to specify custom tables
   - Ability to specify custom queries/DAOs
   - Extension model where we can specify custom implementations which are
   required for the device plugin

WDYT?

Thanks,

Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Tue, Nov 22, 2016 at 10:10 PM, Ayyoob Hamza <ayy...@wso2.com> wrote:

> Hi Dilan,
>
>
>> Does this mean we can basically have a ready-to-use device plug-in
>> implementation, just by configuring a descriptor file ?
>>
> Yes thats the idea, In here the plugin means the osgiService which
> contains the definition of the device type. we found from the existing
> device type that it all follows the same implementation template as the
> plug-in(DeviceManagementService) implementation. Therefore I created a
> generic template which populates the DeviceManagementService through a
> configuration file.
>
> Thanks,
> Ayyoob
>
>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Restructuring Device Type Plugins for IoT

2016-11-30 Thread Harshan Liyanage

Hi Ruwan,

We have included the notification providers like GCM, MQTT, FireBase inside
the core (in device-mgt-extensions component) in the existing
implementation of device-mgt. I do agree with your comment that says those
are only extensions to the core framework. Have we thought of moving them
out from core as a plugin-extension?

Thanks,

Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Wed, Nov 23, 2016 at 9:26 AM, Ruwan Yatawara <ruw...@wso2.com> wrote:

> @Dilan,
> The idea here is that things like the transports adapters and the
> appm-connector are modular plugins that are just complementing the CDMF
> which is s framework. The framework does not necessarily need these to
> function and perform its core tasks. Hence these should evolve/get added
> independently from the framework. Furthermore given that, once the core
> matures, releases of these extensions will be more frequent than changes to
> the core, hence all the more need for this to be managed separately. We may
> later even need to make a separate repository out of these extensions, as
> one can also argue that such extensions do not belong in the device-type
> repo.
>
> @Chathura,
> As of this moment, we do not promote dynamic deployment of device types.
> But yes, you are right we will have to think about this at some point down
> the line when we support same.
>
> Thanks and Regards,
>
> Ruwan Yatawara
>
> Associate Technical Lead,
> WSO2 Inc.
>
> email : ruw...@wso2.com
> mobile : +94 77 9110413
> blog : http://ruwansrants.blogspot.com/
>   https://500px.com/ruwan_ace
> www: :http://wso2.com
>
>
> On Wed, Nov 23, 2016 at 5:47 AM, Chathura Dilan <chathu...@wso2.com>
> wrote:
>
>> Hi Ruwan,
>>
>> How about having a UI for the plugin deployment? So plugins can be
>> installed and uninstalled via the UI like how we install/uninstall features
>> in the carbon console.
>>
>> On Tue, Nov 22, 2016 at 9:59 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
>> wrote:
>>
>>> Hi Ruwan,
>>>
>>> Why would not analytics be inside a particular device type ?, this is in
>>> fact the idea provided in [1].
>>> And also, if these Input/Output transport adapters and extensions for
>>> MB/APP-M are in common to any device type,
>>> cannot we move them down to carbon-device-mgt platform layer ?
>>>
>>> References :
>>> [1] [Architecture] [IoT] Simplifying IoT device type plugin with a
>>> descriptor
>>>
>>> Thanks,
>>> Dilan.
>>>
>>>
>>> *Dilan U. Ariyaratne*
>>> Senior Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94766405580 <%2B94766405580>
>>> lean . enterprise . middleware
>>>
>>>
>>> On Tue, Nov 22, 2016 at 11:58 AM, Ruwan Yatawara <ruw...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> In line with the changes that have been done to introduce the
>>>> device-type descriptor in [1], I have gone ahead and done some refactoring
>>>> to the existing plugins to standardise + make them self-contained.
>>>> Following are a list of changes introduced.
>>>>
>>>>- Mobile Base plugin is no more :
>>>>   - Earlier windows/ios/android plugins relied on a shared
>>>>   component called the base plugin to include common functionality. 
>>>> This
>>>>   consisted of an OSGi component + a jaggery application. This made 
>>>> the 3
>>>>   plugins interdependent. With the new structure, all 3 plugins would 
>>>> be
>>>>   self-contained and they would pack all the necessary backend 
>>>> functionality
>>>>   within themselves. The shared jaggery application has been broken 
>>>> down to 3
>>>>   parts android-web-agent, windows-web-agent and ios-web-agent. Each
>>>>   application would get deployed and undeployed with the corresponding 
>>>> device
>>>>   type.
>>>>- Each device type would be injecting the necessary UI units to a
>>>>page/template unit contained inside of a the cdmf framework.
>>>>- Each device type would be declaring its features/sensors and
>>>>relevant tables as per [1]
>>>>- Samples renamed to plugins and samples-deployer.xml renamed to
>>>>plu

Re: [Architecture] Device Connectivity Graph for IoT Server & related concerns

2017-05-08 Thread Harshan Liyanage

Hi Ruwan,

+1 for having audit tables for recording system activities.

I also propose that we, take out the option for users to enable/disable
data publishing from the agent side, and make it implicit. The agent by
default makes a call to the server to send device information, instead of
making the device make another call to DAS to provide location information,
we can derive the location information at the server side from the device
information payload and push it to DAS.

+1 for above suggestion as well. IMO network calls between device & server
should be minimal in-order to conserve power. Since we already have
location data in device-info payload, there's no need for sending the same
information to the DAS unless there is a need for real-time device tracking
kinda scenario.

Thanks,

Harshan Liyanage
EMM/IoT TG
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog : http://harshanliyanage.blogspot.com/
*WSO2, Inc. :** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Mon, May 8, 2017 at 12:35 PM, Ruwan Yatawara <ruw...@wso2.com> wrote:

> Hi Everyone,
>
> I am working on $subject as part of the effort in trying to provide dig
> down analytics for devices.
>
> The resulting graph would look something like the following (Please
> disregard portion reading connected-unterminated), with the help of [1] and
> will give an would indicate whether the device in question was able to get
> back to IoT Server in a timely manner at the expected monitoring frequency
> specified.
> [image: Inline image 1]
> *Source: [2]*
>
> Whilst attempting this I noticed that we do not have an auditing mechanism
> in place to record important activities, as yet. If you take this flow, for
> example, the monitoring frequency is something configurable and will change
> from time to time. We need to know at which point the transition was made.
>
> Therefore I propose, that we come up with a central audit table to record
> system activities, like updates to platform configurations, in a central
> table. Each activity can have a logging code, and we can purge these
> records from time to time, based on data growth.
>
> I also propose that we, take out the option for users to enable/disable
> data publishing from the agent side, and make it implicit. The agent by
> default makes a call to the server to send device information, instead of
> making the device make another call to DAS to provide location information,
> we can derive the location information at the server side from the device
> information payload and push it to DAS.
>
> Please feel free to weigh in your thoughts.
>
>
> [1] - https://bl.ocks.org/mbostock/4063318
> [2] - https://www.digi.com/resources/documentation/
> digidocs/90001150/reference/r_rep_device_connections.htm
>
>
> Thanks and Regards,
>
> Ruwan Yatawara
>
> Associate Technical Lead,
> WSO2 Inc.
>
> email : ruw...@wso2.com
> mobile : +94 77 9110413
> blog :  http://ruwansrants.blogspot.com/
>
> https://500px.com/ruwan_ace
> https://medium.com/@ruwanyatawara
>
> www: :http://wso2.com
>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Methods to get currentSubject and currentStep in authentication script

2018-07-20 Thread Harshan Liyanage

+1 for 'context.currentKnownSubject'

Thanks,

Harshan Liyanage
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
Medium: https://medium.com/@harshan.dll
*WSO2, Inc.:** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.


On Fri, Jul 20, 2018 at 12:22 PM Pulasthi Mahawithana 
wrote:

> Hi Senthalan,
>
> Shall we have it something like, 'context.currentKnownSubject'? That would
> imply that it returns the subject value from what it knows by the time of
> execution.
>
> On Wed, Jul 18, 2018 at 4:30 PM Senthalan Kanagalingam 
> wrote:
>
>> Hi Harshan,
>>
>> No, when configuring the authentication steps, we can specify any step
>> as subject-identifier-step. There will be no relationship
>> between subject-identifier-step and last-authenticated-step.
>>
>> thanks
>>
>> On Mon, Jul 16, 2018 at 3:39 PM Harshan Liyanage 
>> wrote:
>>
>>> Hi Senthalan,
>>>
>>> According to your explanation, context.currentSubject will return
>>> either *subject-identifier-step *or *last-authenticated-step. *Do we
>>> have any direct relationship between the *subject-identifier-step *and 
>>> *last-authenticated-step?
>>> *I'm just asking to clarify things.
>>>
>>> Regards,
>>>
>>> Harshan Liyanage
>>> Mobile: *+94765672894*
>>> Email: hars...@wso2.com
>>> Blog: http://harshanliyanage.blogspot.com/
>>> Medium: https://medium.com/@harshan.dll
>>> *WSO2, Inc.:** wso2.com <http://wso2.com/>*
>>> lean.enterprise.middleware.
>>>
>>>
>>> On Sat, Jul 14, 2018 at 2:38 PM Senthalan Kanagalingam <
>>> sentha...@wso2.com> wrote:
>>>
>>>> Hi Harshan,
>>>>
>>>> On Fri, Jul 13, 2018 at 11:26 AM Harshan Liyanage 
>>>> wrote:
>>>>
>>>>> Hi Senthalan,
>>>>>
>>>>> What I understood by reading your description on the behavior of the
>>>>> *context.currentSubject *method is that it always returns the subject
>>>>> of the *last-completed-subject-identifier-step* rather than the
>>>>> subject of the current subject identifier step. If my understanding is
>>>>> correct, I suggest you change it to something more meaningful name such as
>>>>> *context.lastSubject*.
>>>>>
>>>>
>>>> No, if the* subject-identifier-step *is not completed, this method
>>>> will return the subject of the lastly authenticated step. if 
>>>> *subject-identifier-step
>>>> *is completed, it will return the subject of the
>>>> *subject-identifier-step.*
>>>>
>>>> So, I think the name lastSubject can be meant as lastly authenticated
>>>> steps' subject.
>>>>
>>>> thanks,
>>>>
>>>>
>>>>>
>>>>> I'm +1 with *context.currentStep.*
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Harshan Liyanage
>>>>> Mobile: *+94765672894*
>>>>> Email: hars...@wso2.com
>>>>> Blog: http://harshanliyanage.blogspot.com/
>>>>> Medium: https://medium.com/@harshan.dll
>>>>> *WSO2, Inc.:** wso2.com <http://wso2.com/>*
>>>>> lean.enterprise.middleware.
>>>>>
>>>>>
>>>>> On Tue, Jul 10, 2018 at 9:39 PM Senthalan Kanagalingam <
>>>>> sentha...@wso2.com> wrote:
>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I am working on to get the currently authenticated subject and
>>>>>> currently executing step from the authentication script. Now, if the
>>>>>> identity admin wants to get the authenticated subject, he/she has to know
>>>>>> which step was set as the subject identifier step and have to call,
>>>>>> "context.step[].subject".
>>>>>>
>>>>>> So, we have planned to implement a method as,
>>>>>>
>>>>>> *context.currentSubject *
>>>>>>
>>>>>> which will return the subject of the "subject identifier step", if
>>>>>> that step is completed. Else return the subject of the last completed 
>>>>>> step.
>>>>>>
>>>>>> Another implementation is to have a method to get the currently
>>>>>> exected method. Currently, identity

Re: [Architecture] Old access token cleanup when token generating, renewing and revoking.

2018-07-19 Thread Harshan Liyanage

Hi Nuwan,

Thanks for your detailed clarifications. Both explanations are perfectly
valid.

Regards,

Harshan Liyanage
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
Medium: https://medium.com/@harshan.dll
*WSO2, Inc.:** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.


On Thu, Jul 19, 2018 at 8:35 PM Nuwan Dias  wrote:

>
>
> On Wed, Jul 18, 2018 at 9:09 PM Harshan Liyanage  wrote:
>
>> Hi all,
>>
>> @Nuwan: That's why I suggested having a configurable cron expression so
>> that users can configure the task to run on an optimal schedule instead of
>> blocking vital functionalities. Also in that way, we could do a batch
>> deletes and insertions instead of single rows. For example, they could let
>> it run every mid-night so then the access token tables won't grow for
>> millions of records and not affecting the user traffic.
>>
>
> Our objective is to run this clean up process without anyone having to
> configure anything. Even today we have instructions and scripts to clean up
> the tables. But in practice, nobody even notices this and never does these
> kind of stuff until they hit an issue and consult us through support. So if
> we design this in such a way that someone has to turn on something or
> configure something, I am positive our efforts will be in waste.
>
>>
>> @Nalaka: You could let the task to run only on a manager node in a
>> distributed setup using a configuration.
>>
>
> There is no such thing as a "manager" node in our architecture. All nodes
> are equal. Plus, we cannot introduce such changes as well due to numerous
> complexities such as how to HA the manager node, too many varying
> configurations, etc.
>
>>
>> BTW that was just a suggestion. It doesn't mean I'm -1 on this proposed
>> design. :)
>>
>> Thanks,
>>
>> Harshan Liyanage
>> Mobile: *+94765672894*
>> Email: hars...@wso2.com
>> Blog: http://harshanliyanage.blogspot.com/
>> Medium: https://medium.com/@harshan.dll
>> *WSO2, Inc.:** wso2.com <http://wso2.com/>*
>> lean.enterprise.middleware.
>>
>>
>> On Wed, Jul 18, 2018 at 8:51 PM Nalaka Senarathna 
>> wrote:
>>
>>> hi harshan,
>>>
>>> Also if there are multiple nodes then those nodes also may attempt to
>>> clean up the same access token at the same time.
>>>
>>> related mail thread:[1]
>>> [1]Access token Table cleaning and keeping the access token data for
>>> future purposes
>>>
>>> regards.
>>>
>>>
>>> On Wed, Jul 18, 2018 at 8:28 PM, Nuwan Dias  wrote:
>>>
>>>> A periodic task won't work for this because when the system runs on
>>>> tables with millions of records, the task will lock the table for the clean
>>>> up process. This will impact other queries being executed on the table and
>>>> hence block user flows.
>>>>
>>>> On Wed, Jul 18, 2018 at 6:17 AM Harshan Liyanage 
>>>> wrote:
>>>>
>>>>> Hi Nalaka,
>>>>>
>>>>> You could do the same with a configurable periodic task instead of
>>>>> modifying existing token request flows. What you have to do is to 
>>>>> implement
>>>>> the token cleanup feature as a periodic task which scans the token related
>>>>> tables and move EXPIRED, INACTIVE and REVOKED tokens to the audit
>>>>> table. There will be a configuration to configure the CRON expression for
>>>>> that task.
>>>>>
>>>>> WDYT?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Harshan Liyanage
>>>>> Mobile: *+94765672894*
>>>>> Email: hars...@wso2.com
>>>>> Blog: http://harshanliyanage.blogspot.com/
>>>>> Medium: https://medium.com/@harshan.dll
>>>>> *WSO2, Inc.:** wso2.com <http://wso2.com/>*
>>>>> lean.enterprise.middleware.
>>>>>
>>>>>
>>>>> On Wed, Jul 18, 2018 at 2:45 PM Nalaka Senarathna 
>>>>> wrote:
>>>>>
>>>>>>
>>>>>> A solution for the access token table filled up with EXPIRED,
>>>>>> INACTIVE and REVOKED tokens in the Access token table, old access token 
>>>>>> can
>>>>>> move to the Audit table when the new token is generating, renewing or 
>>>>>> token
>>>>>> revoking.
>>>>>>
>>>>>>
>>&g

Re: [Architecture] Methods to get currentSubject and currentStep in authentication script

2018-07-16 Thread Harshan Liyanage

Hi Senthalan,

According to your explanation, context.currentSubject will return
either *subject-identifier-step
*or *last-authenticated-step. *Do we have any direct relationship between
the *subject-identifier-step *and *last-authenticated-step? *I'm just
asking to clarify things.

Regards,

Harshan Liyanage
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
Medium: https://medium.com/@harshan.dll
*WSO2, Inc.:** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.


On Sat, Jul 14, 2018 at 2:38 PM Senthalan Kanagalingam 
wrote:

> Hi Harshan,
>
> On Fri, Jul 13, 2018 at 11:26 AM Harshan Liyanage 
> wrote:
>
>> Hi Senthalan,
>>
>> What I understood by reading your description on the behavior of the
>> *context.currentSubject *method is that it always returns the subject of
>> the *last-completed-subject-identifier-step* rather than the subject of
>> the current subject identifier step. If my understanding is correct, I
>> suggest you change it to something more meaningful name such as
>> *context.lastSubject*.
>>
>
> No, if the* subject-identifier-step *is not completed, this method will
> return the subject of the lastly authenticated step. if 
> *subject-identifier-step
> *is completed, it will return the subject of the
> *subject-identifier-step.*
>
> So, I think the name lastSubject can be meant as lastly authenticated
> steps' subject.
>
> thanks,
>
>
>>
>> I'm +1 with *context.currentStep.*
>>
>> Thanks,
>>
>> Harshan Liyanage
>> Mobile: *+94765672894*
>> Email: hars...@wso2.com
>> Blog: http://harshanliyanage.blogspot.com/
>> Medium: https://medium.com/@harshan.dll
>> *WSO2, Inc.:** wso2.com <http://wso2.com/>*
>> lean.enterprise.middleware.
>>
>>
>> On Tue, Jul 10, 2018 at 9:39 PM Senthalan Kanagalingam <
>> sentha...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I am working on to get the currently authenticated subject and currently
>>> executing step from the authentication script. Now, if the identity admin
>>> wants to get the authenticated subject, he/she has to know which step was
>>> set as the subject identifier step and have to call,
>>> "context.step[].subject".
>>>
>>> So, we have planned to implement a method as,
>>>
>>> *context.currentSubject *
>>>
>>> which will return the subject of the "subject identifier step", if that
>>> step is completed. Else return the subject of the last completed step.
>>>
>>> Another implementation is to have a method to get the currently exected
>>> method. Currently, identity admin has to specify the step number in order
>>> to get the details. "context.step[]". This will affect the
>>> reusability of the code.
>>>
>>> With this new implementation, the identity admin can use,
>>>
>>> *context.currentStep*
>>>
>>> which will return the executing step.
>>>
>>> Please share your comments on the naming of the methods.
>>>
>>> thanks,
>>> Senthalan.
>>> --
>>>
>>> *Senthalan Kanagalingam*
>>> *Software Engineer - WSO2 Inc.*
>>> *Mobile : +94 (0) 77 18 77 466*
>>> <http://wso2.com/signature>
>>> ___
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>> ___
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>
>
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [Architecture] Stream Processor HA improved archectecture

2018-07-12 Thread Harshan Liyanage

Hi Damith,

According to this architecture, the passive node will only fetch event
states and filter events only once it is active. This model might exhaust
the queue 2 very soon depending on the rate of events. What if we could add
another async task to check the state and filter events even if the node is
passive?

Thanks,

Harshan Liyanage
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
Medium: https://medium.com/@harshan.dll
*WSO2, Inc.:** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.


On Fri, Jul 13, 2018 at 9:01 AM Tishan Dahanayakage  wrote:

> @Anoukh,
> We can configure a LB in front to handle failover. Actually that is the
> correct solution rather than publishing to both. But I think we need to
> figure out how to handle incoming databridge traffic as it cannot be load
> balanced. Yes we can utilize client side load balancing and directly
> publish to SP nodes. But then we will need to shutdown thrift/binary
> receiving servers of passive node for the failover to happen.
>
> @Damith,
> I have below questions/suggestions.
> 1. What is the expected behavior when queue is full in active node?
> First of all I suppose this is a in-memory queue. This is something we
> should think clearly and implement as even now we are facing quite a number
> of issues where server is stalled because queues are getting filled. When
> queue in active node is full
> - We can't let receiving threads to get block on the queue as it will
> cause server to freeze.
> - At the same time We can't also drop the event if exactly once processing
> or zero event drop is enforced.
> - Also we can't keep adding stuff to queue as it will go OOM.
> So IMO we need a way to persist the queue. In other words we need a proper
> broker queue to solve this issue. If user is fine with event loss then We
> can live with in-memory queue.
>
> 2. We need a automated purging task to clean queue2 to after every state
> persistance done by active node.
>
> /Tishan
>
> On Thu, Jul 12, 2018 at 10:41 PM, Anoukh Jayawardena 
> wrote:
>
>> Hi Damith,
>>
>> Just a few clarifications on the new architecture.
>> I'm assuming that "queue1" and "queue2" are actually per Source? Which
>> means if we have 3 sources, we'll have 3 queues in active node and 3 queues
>> in passive node? Does that mean there will be 3 threads working in async?
>> Also, the main difference with the current HA architecture is that both
>> nodes will not receive all the events. So at the moment the active node
>> goes down, how does the passive node start receiving events? Will we be
>> handling this or should the cluster be fronted by a separate load balancer?
>>
>> Thanks,
>> Anoukh
>>
>> On Thu, Jul 12, 2018 at 8:34 PM Damith Wickramasinghe 
>> wrote:
>>
>>> Hi all,
>>>
>>> We are in the process of refactor/improve the existing HA architecture
>>> due to various concerns found.
>>>
>>> Below is the high level design came up with. We will provide more
>>> in-depth details as the implementation carries on.
>>>
>>>
>>> 
>>> 
>>> As per above at a given point of time there will only be a one active
>>> node. Passive node will not consume any events. Electing active node will
>>> work as per current architecture via cluster coordination.
>>> A thread will work in the active node to put the data into a
>>> queue(queue1) and same thread will then publish the events to
>>> outside.Reason for having a queue here because to send events
>>> asynchronously to passive node. Here we are going to send events to passive
>>> node via TCP. (This we need to decide) Active node will persist the state
>>> periodically to the database.
>>>
>>> When active node goes down via cluster coordination passive node will
>>> become active. When active it will get the state from database(to sync the
>>> state) with latest event timestamp , and filter events from queue 2 (in
>>> order to stop processing already processed events) and send them out. Then
>>> open the ports in the newly active node and start receiving events from
>>> sources. In this architecture also at least one processing will be done.
>>>
>>> Nisala please add anything I missed.
>>>
>>> Regards,
>>> Damith
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> Senior Software Engineer
>>> WSO2 Inc.; http://wso2.com
>>> <http://www.google.com/url?q=http%3A%2F%2Fwso2.com=D=1=AFQjCNEZvyc0uMD1HhBaEGCBxs6e9fBObg>
&g

Re: [Architecture] Methods to get currentSubject and currentStep in authentication script

2018-07-12 Thread Harshan Liyanage

Hi Senthalan,

What I understood by reading your description on the behavior of the
*context.currentSubject *method is that it always returns the subject of
the *last-completed-subject-identifier-step* rather than the subject of the
current subject identifier step. If my understanding is correct, I suggest
you change it to something more meaningful name such as
*context.lastSubject*.

I'm +1 with *context.currentStep.*

Thanks,

Harshan Liyanage
Mobile: *+94765672894*
Email: hars...@wso2.com
Blog: http://harshanliyanage.blogspot.com/
Medium: https://medium.com/@harshan.dll
*WSO2, Inc.:** wso2.com <http://wso2.com/>*
lean.enterprise.middleware.

On Tue, Jul 10, 2018 at 9:39 PM Senthalan Kanagalingam 
wrote:

> Hi all,
>
> I am working on to get the currently authenticated subject and currently
> executing step from the authentication script. Now, if the identity admin
> wants to get the authenticated subject, he/she has to know which step was
> set as the subject identifier step and have to call,
> "context.step[].subject".
>
> So, we have planned to implement a method as,
>
> *context.currentSubject *
>
> which will return the subject of the "subject identifier step", if that
> step is completed. Else return the subject of the last completed step.
>
> Another implementation is to have a method to get the currently exected
> method. Currently, identity admin has to specify the step number in order
> to get the details. "context.step[]". This will affect the
> reusability of the code.
>
> With this new implementation, the identity admin can use,
>
> *context.currentStep*
>
> which will return the executing step.
>
> Please share your comments on the naming of the methods.
>
> thanks,
> Senthalan.
> --
>
> *Senthalan Kanagalingam*
> *Software Engineer - WSO2 Inc.*
> *Mobile : +94 (0) 77 18 77 466*
> <http://wso2.com/signature>
> ___
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>
___
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

46 matches

Mail list logo