You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@airavata.apache.org by "Hasini Gunasinghe (JIRA)" <ji...@apache.org> on 2015/08/17 06:17:46 UTC

[jira] [Commented] (AIRAVATA-1624) [GSoC] Securing Airavata API

    [ https://issues.apache.org/jira/browse/AIRAVATA-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14698993#comment-14698993 ] 

Hasini Gunasinghe commented on AIRAVATA-1624:
---------------------------------------------

Hi all,

I would like to update that with the pull request https://github.com/apache/airavata/pull/26, it completes the security solution implementation in the Airavata code base. 
What is left to be done is to complete the documentation and to provide a web based sample client demonstrating the authorization code grant type flow, which I will provide soon. Java client inside airavata/samples demonstrates the other two grant types' flows and the features of the solution.

Thanks,
Hasini.

> [GSoC] Securing Airavata API
> ----------------------------
>
>                 Key: AIRAVATA-1624
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-1624
>             Project: Airavata
>          Issue Type: New Feature
>          Components: Airavata API
>            Reporter: Suresh Marru
>              Labels: gsoc, gsoc2015, mentor
>             Fix For: WISHLIST
>
>         Attachments: Securing_ARAVATA_API_V1.pdf
>
>
> Apache Airavata uses Thrift based API's for external facing API's and for system internal CPI's. The API's need to be secured adding authentication and authorization capabilities. 
> The Authentication need to ensure only approved users/clients can communicate. Similarly clients should only interact with valid servers. 
> Authorization need to be enforced to ensure only users with specific roles can appropriately access specific API's. As an example, administrative roles should be able see all the users experiments where as end users can only see his/her data and not access other information (unless explicitly shared). 
> Earlier GSoC project focused on this topic has relavent discussion. 
> https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)