Re: [Architecture] Data Bridge Agent Publisher for C5 products

On Thu, Jun 2, 2016 at 9:43 PM, Isuru Perera wrote: > Hi Suho, > > In Metrics, I have written the DAS Reporter using the data publisher. Do > you think I should change the implementation to use an HTTP client? > We don't need to change from Thrift to HTTP, rather we need to

Re: [Architecture] [IS] User Challenge question Internationalization

Hi Farasath, +1 for storing the content of the questions as the registry resource values. But how are you planning to store the boolean values such as " *isPromoteQuestion*" ?. I think it's better to keep that sort of data as a property value, so the retrieval process will be easy. WDYT ?

Re: [Architecture] [IS] User Challenge question Internationalization

Hi, In the current implementation, challenge questions are persisted to the registry as registry resource properties as shown below. I had a look at the discussion[1] on how persisting email templates for different locale should be done. I am planning to follow a similar approach in storing

Re: [Architecture] Writing an ESB connector for BPMN rest API.

+1 On Fri, Jun 3, 2016 at 4:02 PM, Nandika Jayawardana wrote: > +1 > > Nandika > > On Fri, Jun 3, 2016 at 3:32 PM, Hasitha Aravinda wrote: > >> Hi all, >> >> Shall we do the $Subject for BPMN rest API [1]. Basically, connector >> should cover basic functions

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

Hi All, On Fri, Jun 3, 2016 at 5:46 PM, Prabath Siriwardana wrote: > > > On Thu, Jun 2, 2016 at 10:30 PM, Indunil Upeksha Rathnayake < > indu...@wso2.com> wrote: > >> Hi, >> I am working on implementing regeneration of client secret/key of an >> oauth app and revocation of an

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

On Thu, Jun 2, 2016 at 10:30 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote: > Hi, > I am working on implementing regeneration of client secret/key of an oauth > app and revocation of an oauth app for the next milestone release of > Identity Server. Appreciate your feedbacks on the

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

Hi Indunill, Here are we talking about three things ? *i. Regenerate Client Secret* *ii. Regenerate Consumer Key* *iii. Revoking an oauth app* Specification [1] talk about revoking client secret more like revoking oauth app. In order to use same consumer key again regenerating client secret is

Re: [Architecture] Writing an ESB connector for BPMN rest API.

+1 Nandika On Fri, Jun 3, 2016 at 3:32 PM, Hasitha Aravinda wrote: > Hi all, > > Shall we do the $Subject for BPMN rest API [1]. Basically, connector > should cover basic functions such as > >- Start process instance >- Receive messages (Correlation) >- List and

[Architecture] Writing an ESB connector for BPMN rest API.

Hi all, Shall we do the $Subject for BPMN rest API [1]. Basically, connector should cover basic functions such as - Start process instance - Receive messages (Correlation) - List and get process instances and their variables - HumanTask's related operations. etc. With this

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

On Fri, Jun 3, 2016 at 11:51 AM, Farasath Ahamed wrote: > compromised ​Yes, It is like when the user wants to change the user name also with or without changing the password.​ So in that case we have to create new account instead of letting to change user name. *Harsha

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

Hi, Since client_id is simply an identifier for the OAuth application, is it really required to regenerate the client_id when the client_secret is compromised? Isn't it be similar to a situation where we are changing our username and password because our password was compromised? Farasath

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

Hi Farasath, In that case, we have to create a new application if some one wants to reset the consumer key. That will not be a good experience to the user and specification also not specifically saying that only we should revoke consumer key or both. An authorization server may revoke a client's

Re: [Architecture] [IS] Regenerating client secret/key and revoking an oauth app in OAuth 2.0 implementation

Hi Indunil, What are the guidelines given by the OAuth 2.0 specification regarding the $subject?. As stated by @Farzath, i think even Twitter does the same thing. Thanks, Kasun. On Fri, Jun 3, 2016 at 11:11 AM, Farasath Ahamed wrote: > Hi Indunil, > > In a case of