Re: [Architecture] [Dev] [C5] MSF4J Interceptors need to be configurable.

Hi Sagara, ViduraN has almost implemented this. We will schedule a meeting tomorrow or day after tomorrow to discuss the current implementation. Thanks Thusitha On Mon, Jan 16, 2017 at 12:44 PM, Sagara Gunathunga wrote: > > Can we have an update or review meeting on this ? >

Re: [Architecture] Security Model for Product APIs in C5

Hi Nuwan, Won't there any admin APIs (REST) exposed by the kernel? In that case, how a product supposed to merge the product API and Kernel API? On Mon, Jan 16, 2017 at 12:05 PM, Nuwan Dias wrote: > > > On Mon, Jan 16, 2017 at 11:31 AM, Dimuthu Leelarathne

Re: [Architecture] [Dev] [C5] MSF4J Interceptors need to be configurable.

Can we have an update or review meeting on this ? Thanks ! On Thu, Jan 5, 2017 at 9:50 AM, Ishara Cooray wrote: > Sounds good. > Thanks Kishanthan. > > Thanks & Regards, > Ishara Cooray > Senior Software Engineer > Mobile : +9477 262 9512 <+94%2077%20262%209512> > WSO2, Inc.

Re: [Architecture] [Dev] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Hi all, We are calling off the vote due to an L1 issue [1] found in SSO flow in tenant mode. We will do an RC4 soon. [1] https://wso2.org/jira/browse/APIMANAGER-5579 Thanks, Chamalee On Mon, Jan 16, 2017 at 11:04 AM, Fazlan Nazeem wrote: > Hi, > > I have tested the

Re: [Architecture] Security Model for Product APIs in C5

On Mon, Jan 16, 2017 at 11:31 AM, Dimuthu Leelarathne wrote: > Hi Nuwan, > > Current scope-to-role mapping we do via the API publisher UI. Are you > talking about some other functionality? > Yes, this is for C5 product APIs (admin services in C5). Not for the APIs you create

Re: [Architecture] Security Model for Product APIs in C5

Hi Nuwan, Current scope-to-role mapping we do via the API publisher UI. Are you talking about some other functionality? thanks, Dimuthu On Mon, Jan 16, 2017 at 10:48 AM, Nuwan Dias wrote: > Hi Dimuthu, > > On Mon, Jan 16, 2017 at 10:16 AM, Dimuthu Leelarathne

Re: [Architecture] [Dev] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Hi, I have tested the following. - Alert generation - Alert configuration changes - Alert deactivation/activation [+] Stable - go ahead and release On Mon, Jan 16, 2017 at 10:55 AM, Rukshan Premathunga wrote: > Tested Analytics for tenant and super tenant. No

Re: [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Tested Analytics for tenant and super tenant. No issues found. [+] Stable - go ahead and release Thanks and Regards. On Mon, Jan 16, 2017 at 10:49 AM, Praminda Jayawardana wrote: > Tested client SDK generation for super tenant, non admin, tenant and self > signup users. > >

Re: [Architecture] [APIM] [C5] Rest API Support for Importing and Exporting APIs between Multiple Environments

Hi Isuru, The proposed design looks good! One question, will we also be able to extract and import API subscriptions similar to this from one environment to another assuming that both environments are connected to the same user store? Thanks Imesh On Tue, Jan 10, 2017 at 11:22 AM, Isuru

Re: [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Tested client SDK generation for super tenant, non admin, tenant and self signup users. [+] Stable - go ahead and release Thanks, Praminda On Mon, Jan 16, 2017 at 10:08 AM, Arshardh Ifthikar wrote: > Hi, > > Tested Websocket API feature. > > [+] Stable - go ahead and

Re: [Architecture] Security Model for Product APIs in C5

Hi Dimuthu, On Mon, Jan 16, 2017 at 10:16 AM, Dimuthu Leelarathne wrote: > Hi Nuwan, > > On Tue, Jan 10, 2017 at 4:48 PM, Nuwan Dias wrote: > >> Hi, >> >> Since we're moving away from SOAP based admin services to REST APIs for >> Product APIs we need to come

Re: [Architecture] Security Model for Product APIs in C5

Hi Nuwan, On Tue, Jan 10, 2017 at 4:48 PM, Nuwan Dias wrote: > Hi, > > Since we're moving away from SOAP based admin services to REST APIs for > Product APIs we need to come to an agreement on the Security > (Authentication and Authorization) model for the products. > > The

Re: [Architecture] Security Model for Product APIs in C5

On Mon, Jan 16, 2017 at 10:03 AM, Ishara Karunarathna wrote: > Hi All, > > I agree with Nuwans points to use OAuth to secure the product APIs. > But My suggestion is to keep OAuth as the default security model and allow > the capability to plug other authentication and

Re: [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Hi, Tested Websocket API feature. [+] Stable - go ahead and release On Mon, Jan 16, 2017 at 10:01 AM, Chamila Adhikarinayake wrote: > Hi, > > Tested workflows for API lifecycle state change feature. > > [+] Stable - go ahead and release > > On Fri, Jan 13, 2017 at 6:23 PM,

Re: [Architecture] Security Model for Product APIs in C5

Hi All, I agree with Nuwans points to use OAuth to secure the product APIs. But My suggestion is to keep OAuth as the default security model and allow the capability to plug other authentication and authorization mechanism to secure Product APIs. We can ship. OAuth2, Mutual SSL, Basic Auth and

Re: [Architecture] [VOTE] Release WSO2 API Manager 2.1.0 RC3

Hi, Tested workflows for API lifecycle state change feature. [+] Stable - go ahead and release On Fri, Jan 13, 2017 at 6:23 PM, Malintha Amarasinghe wrote: > Hi All, > > This is the 3rd Release Candidate of WSO2 API Manager 2.1.0 > > Please download, test the product and

Re: [Architecture] Security Model for Product APIs in C5

Having APIs tightly coupled with OAuth creates overhead for simple server to server communication. There are use cases in IoT Server where it needs to communicate with APIM rest APIs(Store and Publisher). In the current flow we create oauth token using JWT grant type. Even though the problem can

Re: [Architecture] Security Model for Product APIs in C5

On Mon, Jan 16, 2017 at 9:38 AM, Bhathiya Jayasekara wrote: > Hi all, > > I'd like to add another related concern here. There can be internal APIs > (server to server) which may not be exposed to the outside. For example, > context loading and subscription loading APIs between

Re: [Architecture] Security Model for Product APIs in C5

Hi all, I'd like to add another related concern here. There can be internal APIs (server to server) which may not be exposed to the outside. For example, context loading and subscription loading APIs between API Gateway and API Core. For them, I don't think we need OAuth or any kind of

Re: [Architecture] [Dev] [VOTE] Release WSO2 IoT Server 3.0.0 RC1

[-] Broken - do not release (Due to a security related issues identified) Thank you, On Sun, Jan 15, 2017 at 9:54 AM, Rasika Perera wrote: > Hi Devs, > > *WSO2 ​IoT ​Server ​3.0.0-RC1 Released* > > This is the 1st Release Candidate of the WSO2 > ​IoT Server​ > > ​3​ > .0.0 >