Posted to dev@airavata.apache.org by Supun Nakandala <su...@gmail.com> on 2015/12/12 04:17:13 UTC

Introducing gatewayId to SecurityToken in Airavata API

Hi devs,

Currently in the Airavata API we use the gatewayId only for some API
methods like createExperiment, registerApplication etc. I would like to
suggest that we move this field to SecurityToken and make it mandatory for
all API methods. For API methods which require the gatewayId we can read
it from there.

By making gatewayId a mandatory field in SecurityToken, in the API it is
easy to implement access control to the API in a multi-tenanted scenario.

Any Concerns?

Thanks
Supun

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Amila Jayasekara <th...@gmail.com>.
Does that mean a particular gateway can get experiment information of another
gateway?
If so, for a multi-tenant situation this needs to change.

Thanks
-Thejaka


On Sun, Dec 13, 2015 at 3:16 PM, Supun Nakandala <su...@gmail.com>
wrote:

> Currently we send the gatewayId for the API method as a parameter. This is
> not sent to all API methods but only for the required ones such as
> createExperiment. But for other methods like getExperiment we don't require
> only the experimentId. So users can access other gateway's experiments if
> they know the experimentId.
>
> The idea is to make gatewayId a mandatory field in SecurityToken and
> validate it at the API security manager.
>
> On Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <
> thejaka.amila@gmail.com> wrote:
>
>>
>>
>> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
>> supun.nakandala@gmail.com> wrote:
>>
>>> Hi devs,
>>>
>>> Currently in the Airavata API we use the gatewayId only for some API
>>> methods like createExperiment, registerApplication etc. I would like to
>>> suggest that we move this field to SecurityToken and make it mandatory for
>>> all API methods. For API methods which require the gatewayId we can read
>>> it from there.
>>>
>>
>> So, currently how do other methods figure out on which gateway id the
>> operation should be performed?
>>
>> -Thejaka
>>
>>
>>>
>>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>>> easy to implement access control to the API in a multi-tenanted scenario.
>>>
>>> Any Concerns?
>>>
>>> Thanks
>>> Supun
>>>
>>
>>
>
>
> --
> Thank you
> Supun Nakandala
> Dept. Computer Science and Engineering
> University of Moratuwa
>

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Supun Nakandala <su...@gmail.com>.
Currently we send the gatewayId for the API method as a parameter. This is
not sent to all API methods but only for the required ones such as
createExperiment. But for other methods like getExperiment we don't require
only the experimentId. So users can access other gateway's experiments if
they know the experimentId.

The idea is to make gatewayId a mandatory field in SecurityToken and
validate it at the API security manager.

On Sun, Dec 13, 2015 at 12:23 PM, Amila Jayasekara <th...@gmail.com>
wrote:

>
>
> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
> supun.nakandala@gmail.com> wrote:
>
>> Hi devs,
>>
>> Currently in the Airavata API we use the gatewayId only for some API
>> methods like createExperiment, registerApplication etc. I would like to
>> suggest that we move this field to SecurityToken and make it mandatory for
>> all API methods. For API methods which require the gatewayId we can read
>> it from there.
>>
>
> So, currently how do other methods figure out on which gateway id the
> operation should be performed?
>
> -Thejaka
>
>
>>
>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>> easy to implement access control to the API in a multi-tenanted scenario.
>>
>> Any Concerns?
>>
>> Thanks
>> Supun
>>
>
>


-- 
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa
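
The check proposed in this thread, sketched in Java as an added example; it is not part of any message above and is not Airavata code. The `SecurityToken`, `Experiment` and `STORE` definitions are hypothetical stand-ins, the sample data is constructed, and the token's gatewayId is assumed to have been validated already by the API security manager.

```java
import java.util.Map;

/** Added illustration: every type here is a hypothetical stand-in, not an Airavata class. */
public class GatewayScopedApi {
    /** Token carrying gatewayId as a mandatory field, as the thread proposes. */
    record SecurityToken(String accessToken, String gatewayId) {
        SecurityToken {
            if (gatewayId == null || gatewayId.isBlank())
                throw new IllegalArgumentException("gatewayId is mandatory");
        }
    }

    record Experiment(String experimentId, String gatewayId, String name) {}

    // Constructed sample data: one experiment per tenant.
    static final Map<String, Experiment> STORE = Map.of(
        "exp-1", new Experiment("exp-1", "gateway-a", "tenant A run"),
        "exp-2", new Experiment("exp-2", "gateway-b", "tenant B run"));

    /** Behaviour described in the thread: lookup keyed on experimentId alone. */
    static Experiment getExperimentUnscoped(String experimentId) {
        return STORE.get(experimentId);
    }

    /** Proposed behaviour: the record's owning gateway must match the token's gatewayId. */
    static Experiment getExperiment(SecurityToken token, String experimentId) {
        // Assumption: token.gatewayId() was checked against the caller's
        // credentials by the security manager before this method runs.
        Experiment e = STORE.get(experimentId);
        // Unknown ids and other tenants' ids fail identically, so the
        // response does not reveal whether an experimentId exists elsewhere.
        if (e == null || !e.gatewayId().equals(token.gatewayId()))
            throw new SecurityException("no such experiment in gateway " + token.gatewayId());
        return e;
    }

    public static void main(String[] args) {
        SecurityToken tokenA = new SecurityToken("opaque-access-token", "gateway-a");
        // Unscoped lookup returns gateway-b's record to any caller who knows the id.
        System.out.println("unscoped: " + getExperimentUnscoped("exp-2"));
        System.out.println("scoped, own tenant: " + getExperiment(tokenA, "exp-1"));
        try {
            getExperiment(tokenA, "exp-2");
        } catch (SecurityException ex) {
            System.out.println("scoped, other tenant: denied (" + ex.getMessage() + ")");
        }
    }
}
```

The mandatory field only helps if the server binds gatewayId to the authenticated caller; a gatewayId accepted as the client sent it can be set to any tenant.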

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Amila Jayasekara <th...@gmail.com>.
On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <supun.nakandala@gmail.com> wrote:

> Hi devs,
>
> Currently in the Airavata API we use the gatewayId only for some API
> methods like createExperiment, registerApplication etc. I would like to
> suggest that we move this field to SecurityToken and make it mandatory for
> all API methods. For API methods which require the gatewayId we can read
> it from there.
>

So, currently how do other methods figure out on which gateway id the
operation should be performed?

-Thejaka


>
> By making gatewayId a mandatory field in SecurityToken, in the API it is
> easy to implement access control to the API in a multi-tenanted scenario.
>
> Any Concerns?
>
> Thanks
> Supun
>

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Supun Nakandala <su...@gmail.com>.
No. For the moment there is no change.

On Sat, Dec 12, 2015 at 2:57 PM, Pankaj Saha <ps...@binghamton.edu> wrote:

> Hi Supun,
> Are there any changes required in terms of hosted Airavata setup due to this
> mandatory field in SecurityToken for 16 branch?
>
> Thanks
> Pankaj
>
> On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <
> supun.nakandala@gmail.com> wrote:
>
>> Hi devs,
>>
>> Currently in the Airavata API we use the gatewayId only for some API
>> methods like createExperiment, registerApplication etc. I would like to
>> suggest that we move this field to SecurityToken and make it mandatory for
>> all API methods. For API methods which require the gatewayId we can read
>> it from there.
>>
>> By making gatewayId a mandatory field in SecurityToken, in the API it is
>> easy to implement access control to the API in a multi-tenanted scenario.
>>
>> Any Concerns?
>>
>> Thanks
>> Supun
>>
>
>


-- 
Thank you
Supun Nakandala
Dept. Computer Science and Engineering
University of Moratuwa

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Pankaj Saha <ps...@binghamton.edu>.
Hi Supun,
Are there any changes required in terms of hosted Airavata setup due to this
mandatory field in SecurityToken for 16 branch?

Thanks
Pankaj

On Fri, Dec 11, 2015 at 10:17 PM, Supun Nakandala <supun.nakandala@gmail.com> wrote:

> Hi devs,
>
> Currently in the Airavata API we use the gatewayId only for some API
> methods like createExperiment, registerApplication etc. I would like to
> suggest that we move this field to SecurityToken and make it mandatory for
> all API methods. For API methods which require the gatewayId we can read
> it from there.
>
> By making gatewayId a mandatory field in SecurityToken, in the API it is
> easy to implement access control to the API in a multi-tenanted scenario.
>
> Any Concerns?
>
> Thanks
> Supun
>

Re: Introducing gatewayId to SecurityToken in Airavata API

Posted by Suresh Marru <sm...@apache.org>.
Hi Supun,

As I said in HipChat, this is a good and needed change to properly enforce authorization at API level. Thanks for fixing this up. Let's go for it.

Suresh

> On Dec 11, 2015, at 10:17 PM, Supun Nakandala <su...@gmail.com> wrote:
> 
> Hi devs,
> 
> Currently in the Airavata API we use the gatewayId only for some API methods like createExperiment, registerApplication etc. I would like to suggest that we move this field to SecurityToken and make it mandatory for all API methods. For API methods which require the gatewayId we can read it from there.
> 
> By making gatewayId a mandatory field in SecurityToken, in the API it is easy to implement access control to the API in a multi-tenanted scenario.
> 
> Any Concerns? 
> 
> Thanks
> Supun