[Architecture] [C5][IS][M4] Maintaining Keys in C5 products

Hi All, How are we going to do $subject in C5 based products ? Do we already have a solution for this ? For Identity Server's requirements we may need to have multiple keys to sign depending on the use cases. But in C4 products we only had a single private key per tenant. Following are the

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Hi Pubudu, In above diagram,both the gateway types are pointing to same keymanager.,Have we considered the scenario of having different keymanagers per each gateway node.For example,multiple DC deployment[master-slave] scenario..Then how we will extend the UI experience in Store side? Thanks;

Re: [Architecture] [C5] [Carbon-Feature-Plugin] Dynamic Creation of carbon.product via a Template

Hi Dilan, This introduces new configuration changes. IMO, we should not introduce new configurations that is unnecessary for a user. Here, can we make the productConfig/version and productFilePath optional as well? productFilePath/version is not really the product version, it is the kernel's

Re: [Architecture] REST API versioning - which version to mandate in the URI scheme?

Hi, You could offer clients a URI only approach and header approach in parallel > like this: > /someresource/v1/thisandthat -> default version, always latest greatest > minor version within v1, with optional header pointing to specific version > /someresource/v11/thisandthat >

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Label approach is much more cleaner for me then API publisher can decide where that API should go. Question :- How publisher and gateways both sync with label names? when an API came with an unknown label what will happen. We should have predefined label set right? On Wed, Feb 8, 2017 at 11:45

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Hi, On Wed, Feb 8, 2017 at 11:37 AM, Shani Ranasinghe wrote: > Hi, > Can't we use the existing roles to do this? Restricted by roles? > > for e.g API A (public) has a role "public" and API B(internal) has a > role "internal" . We develop our API admin portal to let the gateway

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

HI Pubudu, 1. Who will be responsible for creating these labels? I guess, it should be created from Admin Portal and those labels should be propagated to store, publisher, gateway. 2. How do you restrict the users invoking from different gateway environments? Allowing to invoke from provided

Re: [Architecture] Extend SCIM 2.0 Metadata to include User Lifecycle State

On Wed, Feb 8, 2017 at 9:25 AM, Isura Karunaratne wrote: > Hi Johann, > > > On Wed, Feb 8, 2017 at 9:19 AM, Johann Nallathamby > wrote: > >> For IS 6.0.0 M3 we decided to implement and manage user lifecycle states. >> For IS 6.0.0 M2 we are implementing SCIM

Re: [Architecture] Extend SCIM 2.0 Metadata to include User Lifecycle State

Hi Johann, On Wed, Feb 8, 2017 at 9:19 AM, Johann Nallathamby wrote: > For IS 6.0.0 M3 we decided to implement and manage user lifecycle states. > For IS 6.0.0 M2 we are implementing SCIM 2.0. I propose that we extend SCIM > 2.0 metadata and include the user lifecycle state as

[Architecture] Extend SCIM 2.0 Metadata to include User Lifecycle State

For IS 6.0.0 M3 we decided to implement and manage user lifecycle states. For IS 6.0.0 M2 we are implementing SCIM 2.0. I propose that we extend SCIM 2.0 metadata and include the user lifecycle state as a user's metadata. Also regarding where we need to store this metadata, I think it needs to be

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Hi Pubudu, What will be the behavior when an api is updated 1. From API publisher UI 2. From the api artifact itself(if it is allowed). Thanks & Regards, Ishara Cooray Senior Software Engineer Mobile : +9477 262 9512 WSO2, Inc. | http://wso2.com/ Lean . Enterprise . Middleware On Tue,

Re: [Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Hi Matteo, To give you some context, this model is suggested for API Manager version 3.0.0 which will be on a new Carbon platform version, version 5. Its literarily a rewrite of the current API Manager product and hence we're rethinking and redesigning all features. What we're trying to achieve

[Architecture] [C5][APIM] Introducing labels based gateway environments in API Manager

Hi, There can be situations where we need to host public gateways for public traffic as well as private gateways for internal traffic. In general, there can be different gateway environments which serve particular APIs. The publisher can decide which API should be served by which gateway

Re: [Architecture] Adding reusable PDF table generator OSGI component to IS 6.0.0 Analytics

I believe it is a non-carbon component then it needs to go shared-analytics. If it is a carbon component, then it needs to go carbon-analytics-common. Thanks, Mohan On Tue, Feb 7, 2017 at 4:02 PM, Danoja Dias wrote: > Hi All, > > We decided to write a reusable OSGI component

Re: [Architecture] Adding reusable PDF table generator OSGI component to IS 6.0.0 Analytics

+1 to move to shared-analytics. On Tue, Feb 7, 2017 at 1:32 PM, Danoja Dias wrote: > Hi All, > > We decided to write a reusable OSGI component to generate PDF with tables > using PDFBOX library that is already used in IS pack for PDF generation > in server side. > > We have

Re: [Architecture] [C5] [Carbon-Feature-Plugin] Dynamic Creation of carbon.product via a Template

Hi All, Here follows an update to the current state of this implementation. Carbon-feature-plugin has been updated to get use of one-of-two configuration options in carbon-kernel distribution pom in accessing the product file for achieving goals "publish-product" and "generate-runtime". [1] One

Re: [Architecture] [Architecutre][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

On Tue, Feb 7, 2017 at 2:36 PM, Dulanja Liyanage wrote: > SPs and IdPs represent real world entities. For example, if the IdP > supports multiple authentication mechanisms, we should represent it in a > single IdP config with multiple authenticators. Else, you will have to >

Re: [Architecture] [Architecutre][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

SPs and IdPs represent real world entities. For example, if the IdP supports multiple authentication mechanisms, we should represent it in a single IdP config with multiple authenticators. Else, you will have to duplicate metadata of that IdP. On 7 Feb 2017 2:19 p.m., "Darshana Gunawardana"

Re: [Architecture] [Architecutre][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

Thanks Darshhana, got your point. And what about the outbound multiple authenticators for one IDP ? On Tue, Feb 7, 2017 at 2:19 PM, Darshana Gunawardana wrote: > Hi Harsha, > > It make sense to have that in some cases like "SAML 2.0 bearer grant" in > OAuth flow. Same SP

Re: [Architecture] [Architecutre][IS][C5] Do we need to have multiple inbound/outbound authenticator config in one SP/IDP

Hi Harsha, It make sense to have that in some cases like "SAML 2.0 bearer grant" in OAuth flow. Same SP application which used Identity Server with SAML 2.0 web sso (which requires inbound saml config) also need to get access tokens (which requires inbound oauth config). Thanks, On Tue, Feb 7,