[APIM][C5] - Resource Registration Rest API For API Manager

[APIM][C5] - Resource Registration Rest API For API Manager

tharindu1st
Hi All,

We are going to develop a Resource Registration REST API for engaging scopes for resources. I have come up with the flow below in order to do this.

In the above diagram, for storing scopes, we can do it in the two ways below.

  1. Store under swagger.json as a security definition
  2. Store in the database schema.

If we store them in swagger, we have the following advantages and disadvantages.

Advantages

1. The scopes can be managed easily, as we can assign the scopes to a resource inside the swagger.

Disadvantages

1. If we have lots of scopes for the API, to get the details of a scope we have to call the Resource Server endpoint, so it may lead to high network usage.
2. The swagger given by the user gets changed by injecting our set of properties.

I have come up with the set of resources below to create scopes and assign scopes:

  1. /apis/{apiid}/scopes - post (add scope for api)
  2. /apis/{apiid}/scopes - get (get all the scopes for api)
  3. /apis/{apiid}/scopes/{name} - put update scope
  4. /apis/{apiid}/scopes/{name} - delete scope
  5. /apis/{apiid} - put (apply scopes (add, update, delete) to resources)
  6. /apis/{apiid} - get (get scopes applied to resources)

Or we can do it the way below, as resources are not considered sub-resources of the API:

  1. /api1/{apiid} - (get, put) These two operations are used to add scope, update scope, delete scope, and assign scopes to resources.

Please let us know your ideas on this.

Thanks
Tharindu Dharmarathna
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091

_______________________________________________
Architecture mailing list
[hidden email]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

Re: [APIM][C5] - Resource Registration Rest API For API Manager

roshan wijesena-2
Tharindu,

IMO, we should extend the key-manager interface for this implementation, because there could be instances where some key managers do not support resource registration OOB.

+1 for keeping scopes in swagger.

Regards
Roshan.





Re: [APIM][C5] - Resource Registration Rest API For API Manager

Viduranga Gunarathne
Hi Tharindu,

+1 to keep the scopes in the Swagger definition. 

When we generate SDKs for APIs in APIM, swagger codegen generates authentication procedures (sample code + documentation) for the SDK only if there are security scopes in the swagger definition. This issue is there in API-M 210, because the swagger definition used to generate SDKs doesn't have security scopes [1].

Also, does this allow multiple scopes for a single resource?

[1] Mail subject "(CLOUDPROD-483) [API cloud] Usability issues in store API SDKs"

Thanks,
Viduranga.


--
Regards,
Viduranga Gunarathne
Software Engineer Intern
WSO2

Email : [hidden email]
Mobile : +94712437484
Web : http://wso2.com
https://wso2.com/signature


Re: [APIM][C5] - Resource Registration Rest API For API Manager

Malintha Amarasinghe
Hi,

I think we need to keep the scope to role/permission mapping as well, which can't be kept in the swagger definition. We will need to keep that separately. Approach 1 looks good to me (having a separate /scope resource).

Thanks! 


--
Malintha Amarasinghe
WSO2, Inc. - lean | enterprise | middleware

Mobile : +94 712383306


Re: [APIM][C5] - Resource Registration Rest API For API Manager

Chamin Dias
In reply to this post by Viduranga Gunarathne
Yes, it will be good to keep the scopes in swagger. As Viduranga pointed out, we can avoid the security concern as well. (Even though the SDK cannot be used without a token)

Thanks.


--
Chamin Dias
Mobile : 0716097455



Re: [APIM][C5] - Resource Registration Rest API For API Manager

Bhathiya Jayasekara
In reply to this post by tharindu1st
Hi Tharindu,

Have we considered creating scopes in a single place and reusing them in multiple APIs (just like we do with endpoints in v3)? I believe it will be a useful capability because it allows publishers to reduce the number of scopes when there are many APIs and resources.

IINM, in the current implementation, users can't even add the same scope even for multiple versions of the same API. Well, that's a separate thing to handle anyway.  

Thanks,
Bhathiya


--
Bhathiya Jayasekara
Associate Technical Lead,
WSO2 inc., http://wso2.com

Phone: +94715478185


Re: [APIM][C5] - Resource Registration Rest API For API Manager

tharindu1st
@Bhathiya,

We are not sharing scopes between APIs, as those roles can have different definitions, as below.

For API1, resource /menu POST needs scope1, which has role1 and role2.

For API2, resource /abc POST needs scope1, which has role3 and role4.

Therefore we can't create a scope which can cater to the above two.




Re: [APIM][C5] - Resource Registration Rest API For API Manager

tharindu1st
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of a scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope

Assigning scopes to resources

This can be done in the following two ways.

1. /apis/{apiid} - PUT: scopes are assigned to resources and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT: a swagger.json update with scopes will create/update accordingly.



Re: [APIM][C5] - Resource Registration Rest API For API Manager

Harsha Kumara-2
On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of a scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope

What are the restrictions for scope name? Having special characters will cause issues.

Assigning scopes to resources

This can be done in the following two ways.

1. /apis/{apiid} - PUT: scopes are assigned to resources and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT: a swagger.json update with scopes will create/update accordingly.

So we are going to store the scopes in the swagger itself and the scope to role mappings in the database, right?


--
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com
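
The design settled on in this thread (scopes declared in swagger.json and assigned per resource, role bindings held by the authorization server) and the scope-name question raised above, as an added example that is not code from the thread or from WSO2: a Python check over a constructed Swagger 2.0 document. The `PATH_SAFE_SCOPE` allowlist, the finding labels, the scheme name `default` and the dict standing in for the authorization server are assumptions.

```python
import re

# RFC 6749 section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
RFC6749_SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")
# Assumed stricter policy (not from the thread): the name is also the {name}
# segment of /apis/{apiid}/scopes/{name}, so it must be URL-path safe.
PATH_SAFE_SCOPE = re.compile(r"[A-Za-z0-9._:-]{1,64}")
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def check_scope_name(name):
    """Return None when the name is acceptable, otherwise the reason."""
    if not RFC6749_SCOPE_TOKEN.fullmatch(name):
        return "not an RFC 6749 scope-token"
    if not PATH_SAFE_SCOPE.fullmatch(name):
        return "not safe as a URL path segment"
    return None


def declared_scopes(swagger):
    """Scope names declared under the oauth2 entries of securityDefinitions."""
    names = set()
    for definition in swagger.get("securityDefinitions", {}).values():
        if definition.get("type") == "oauth2":
            names.update(definition.get("scopes", {}))
    return names


def operation_scopes(swagger):
    """Map (METHOD, path) to every scope named in that operation's security."""
    api_default = swagger.get("security", [])
    result = {}
    for path, item in swagger.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            scopes = set()
            # Operation-level security overrides the API-level default.
            for requirement in op.get("security", api_default):
                for scope_list in requirement.values():
                    scopes.update(scope_list)
            result[(method.upper(), path)] = scopes
    return result


def lint_scopes(swagger, role_bindings):
    """Findings for one API; role_bindings (scope -> roles) stands in for
    the authorization server lookup."""
    findings = []
    declared = declared_scopes(swagger)
    for name in sorted(declared):
        reason = check_scope_name(name)
        if reason:
            findings.append(("bad-name", name, reason))
        if not role_bindings.get(name):
            findings.append(("no-role-binding", name, "no roles bound"))
    used = set()
    for (method, path), scopes in sorted(operation_scopes(swagger).items()):
        used |= scopes
        if not scopes:
            findings.append(("unprotected", f"{method} {path}", "no scope required"))
        for scope in sorted(scopes - declared):
            findings.append(("undeclared", f"{method} {path}", scope))
    for name in sorted(declared - used):
        findings.append(("unused", name, "declared but not assigned"))
    return findings


# Constructed sample: API1 from the thread (/menu POST needs scope1).
OK_RESPONSES = {"200": {"description": "ok"}}
API1_SWAGGER = {
    "swagger": "2.0", "info": {"title": "API1", "version": "1.0.0"},
    "securityDefinitions": {"default": {
        "type": "oauth2", "flow": "implicit",
        "authorizationUrl": "https://as.example.com/authorize",
        "scopes": {
            "scope1": "create menu items",
            "menu:read": "read the menu",
            "menu/admin": "'/' would break the {name} path segment",
            "audit": "declared but never assigned",
        }}},
    "paths": {
        "/menu": {
            "post": {"security": [{"default": ["scope1"]}],
                     "responses": OK_RESPONSES},
            # Two scopes on one operation: the token must carry both.
            "get": {"security": [{"default": ["menu:read", "scope1"]}],
                    "responses": OK_RESPONSES},
            "delete": {"security": [{"default": ["menu:delete"]}],
                       "responses": OK_RESPONSES},
        },
        "/health": {"get": {"responses": OK_RESPONSES}},
    },
}
# Constructed stand-in for the scope-to-role bindings of API1.
API1_ROLE_BINDINGS = {"scope1": ["role1", "role2"], "menu:read": ["role1"],
                      "menu/admin": ["role2"]}

if __name__ == "__main__":
    for finding in lint_scopes(API1_SWAGGER, API1_ROLE_BINDINGS):
        print(finding)
```

Because the bindings are passed in per API, the same scope name can carry different roles for API1 and API2, which is the case described earlier in the thread.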


Re: [APIM][C5] - Resource Registration Rest API For API Manager

tharindu1st
Hi Harsha,



On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[hidden email]> wrote:

So we are going to store the scopes in the swagger itself and the scope to role mappings in the database, right?

Scopes are only stored in the swagger itself, and the scope to role mapping will reside on the Authorization Server itself. When we are going to show the scope, we call the Authorization Server endpoint and get the bindings.

On Tue, Dec 5, 2017 at 12:39 PM, Tharindu Dharmarathna <[hidden email]> wrote:
@Bhathiya,

We are not giving sharing the scopes between APIS as those roles can have different definitions as below.

For API1 for resource /menu post need scope1 which have role1 and role2.

For API2 for resource /abc POST need scope1 which have role3 and role4. 

therefore we can't create scope which can cater above 2.



On Tue, Dec 5, 2017 at 11:33 AM, Bhathiya Jayasekara <[hidden email]> wrote:
Hi Tharindu,

Have we considered creating scopes in a single place and reusing them in multiple APIs (just like we do with endpoints in v3)? I believe it will be a useful capability because it allows publishers to reduce the number of scopes when there are many APIs and resources.

IINM, in the current implementation, users can't even add the same scope even for multiple versions of the same API. Well, that's a separate thing to handle anyway.  

Thanks,
Bhathiya


--
Tharindu Dharmarathna
Senior Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: +94779109091

Tharindu Dharmarathna
Associate Software Engineer
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
mobile: +94779109091

Re: [APIM][C5] - Resource Registration Rest API For API Manager

Harsha Kumara-2


On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi Harsha,



On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[hidden email]> wrote:
On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a Scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of the scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope
What are the restrictions for scope names? Having special characters will cause issues.

Assigning scopes to the resource.

This can be done in the following two ways.

1. /apis/{apiid} - PUT assigns the scope to the resource, and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT the swagger.json updated with scopes, which will be created/updated accordingly.

So we are going to store the scopes in the swagger itself and the scope-to-role mappings in the database, right?

Scopes are only stored in the swagger itself, and the scope-to-role mapping will reside on the Authorization Server itself. When we are going to show the scope, we call the Authorization Server endpoint and get the bindings.
When it comes to token generation and validation, how efficient is it to get the scope information of a resource when we have stored the scopes in swagger? Does it have any effect?


--
Harsha Kumara
Software Engineer, WSO2 Inc.
Mobile: +94775505618
Blog:harshcreationz.blogspot.com


Re: [APIM][C5] - Resource Registration Rest API For API Manager

Nuwan Dias


On Mon, Dec 11, 2017 at 4:31 AM, Harsha Kumara <[hidden email]> wrote:


On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi Harsha,



On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[hidden email]> wrote:
On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a Scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of the scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope
What are the restrictions for scope names? Having special characters will cause issues.

Assigning scopes to the resource.

This can be done in the following two ways.

1. /apis/{apiid} - PUT assigns the scope to the resource, and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT the swagger.json updated with scopes, which will be created/updated accordingly.

So we are going to store the scopes in the swagger itself and the scope-to-role mappings in the database, right?

Scopes are only stored in the swagger itself, and the scope-to-role mapping will reside on the Authorization Server itself. When we are going to show the scope, we call the Authorization Server endpoint and get the bindings.
When it comes to token generation and validation, how efficient is it to get the scope information of a resource when we have stored the scopes in swagger? Does it have any effect?

Since Ballerina is tightly linked to Swagger, we could probably get the scopes from the Swagger file into the Ballerina service itself at the point of deploying the API. If the scopes are in the Ballerina resource itself, we won't have to read the swagger for scopes.


--
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
Phone : +94 777 775 729


Re: [APIM][C5] - Resource Registration Rest API For API Manager

roshan wijesena-2
Nuwan, when we export the swagger file, we should be able to get all the scopes that are bound to the Ballerina resource, right?

On Mon, Dec 11, 2017 at 2:44 PM, Nuwan Dias <[hidden email]> wrote:


On Mon, Dec 11, 2017 at 4:31 AM, Harsha Kumara <[hidden email]> wrote:


On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi Harsha,



On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[hidden email]> wrote:
On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a Scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of the scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope
What are the restrictions for scope names? Having special characters will cause issues.

Assigning scopes to the resource.

This can be done in the following two ways.

1. /apis/{apiid} - PUT assigns the scope to the resource, and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT the swagger.json updated with scopes, which will be created/updated accordingly.

So we are going to store the scopes in the swagger itself and the scope-to-role mappings in the database, right?

Scopes are only stored in the swagger itself, and the scope-to-role mapping will reside on the Authorization Server itself. When we are going to show the scope, we call the Authorization Server endpoint and get the bindings.
When it comes to token generation and validation, how efficient is it to get the scope information of a resource when we have stored the scopes in swagger? Does it have any effect?

Since Ballerina is tightly linked to Swagger, we could probably get the scopes from the Swagger file into the Ballerina service itself at the point of deploying the API. If the scopes are in the Ballerina resource itself, we won't have to read the swagger for scopes.


Re: [APIM][C5] - Resource Registration Rest API For API Manager

Nuwan Dias


On Mon, Dec 11, 2017 at 4:50 AM, roshan wijesena <[hidden email]> wrote:
Nuwan, when we export the swagger file, we should be able to get all the scopes that are bound to the Ballerina resource, right?

Scopes are primarily declared on the Swagger file itself. So if you export the Swagger file, you can get all the scopes from there. Swagger to Ballerina is a one-to-one mapping. So a scope declared under a resource in the Swagger is exactly the same scope attached to the resource in the Ballerina service. 

On Mon, Dec 11, 2017 at 2:44 PM, Nuwan Dias <[hidden email]> wrote:


On Mon, Dec 11, 2017 at 4:31 AM, Harsha Kumara <[hidden email]> wrote:


On Fri, Dec 8, 2017 at 11:10 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi Harsha,



On Fri, Dec 8, 2017 at 10:38 PM, Harsha Kumara <[hidden email]> wrote:
On Tue, Dec 5, 2017 at 12:59 PM, Tharindu Dharmarathna <[hidden email]> wrote:
Hi All,

As per the offline discussion today, we are going to implement it in the following way.

REST APIs exposed

/apis/{apiId}/scopes - POST to create a Scope object.
/apis/{apiid}/scopes - GET get the list of scope names
/apis/{apiid}/scopes/{name} - GET get the details of the scope
/apis/{apiid}/scopes/{name} - PUT update the existing scope
/apis/{apiid}/scopes/{name} - DELETE delete the scope
What are the restrictions for scope names? Having special characters will cause issues.

Assigning scopes to the resource.

This can be done in the following two ways.

1. /apis/{apiid} - PUT assigns the scope to the resource, and that information is stored in swagger.json
2. /apis/{apiid}/swagger - PUT the swagger.json updated with scopes, which will be created/updated accordingly.

So we are going to store the scopes in the swagger itself and the scope-to-role mappings in the database, right?

Scopes are only stored in the swagger itself, and the scope-to-role mapping will reside on the Authorization Server itself. When we are going to show the scope, we call the Authorization Server endpoint and get the bindings.
When it comes to token generation and validation, how efficient is it to get the scope information of a resource when we have stored the scopes in swagger? Does it have any effect?

Since Ballerina is tightly linked to Swagger, we could probably get the scopes from the Swagger file into the Ballerina service itself at the point of deploying the API. If the scopes are in the Ballerina resource itself, we won't have to read the swagger for scopes.


--
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
Phone : +94 777 775 729
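
The flow discussed in this thread (scopes declared in swagger.json and read per resource at deploy time), as an added example that is not part of the thread and not WSO2 code: it maps each resource to the scopes it requires in a Swagger 2.0 document and flags scope names that break the RFC 6749 scope-token grammar, along with scopes used without being declared. The sample document, the `apim_oauth2` definition name and the choice of RFC 6749 as the naming rule are assumptions.

```python
import re

# RFC 6749 section 3.3: scope-token = 1*NQCHAR, NQCHAR = %x21 / %x23-5B / %x5D-7E
# (printable ASCII without space, double quote and backslash). Using this as the
# scope-name restriction is an assumption; the thread does not settle on a rule.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch")

# Constructed sample (not from the thread): scopes declared once under
# securityDefinitions and attached to individual operations.
SAMPLE_SWAGGER = {
    "swagger": "2.0",
    "securityDefinitions": {
        "apim_oauth2": {  # hypothetical definition name
            "type": "oauth2",
            "flow": "password",
            "tokenUrl": "https://as.example.invalid/token",
            "scopes": {
                "menu:write": "Create menu items",
                "menu read": "Contains a space, so not a valid scope token",
                "orders:admin": "Declared but attached to no resource",
            },
        }
    },
    "paths": {
        "/menu": {
            "get": {"security": [{"apim_oauth2": ["menu read"]}]},
            "post": {"security": [{"apim_oauth2": ["menu:write"]}]},
        },
        "/abc": {
            "post": {"security": [{"apim_oauth2": ["abc:write"]}]},
            "get": {},  # no scope attached
        },
    },
}


def oauth2_definitions(swagger):
    """Return the oauth2 entries of securityDefinitions, keyed by name."""
    definitions = swagger.get("securityDefinitions", {})
    return {n: d for n, d in definitions.items() if d.get("type") == "oauth2"}


def declared_scopes(swagger):
    """Return the set of scope names declared by all oauth2 definitions."""
    names = set()
    for definition in oauth2_definitions(swagger).values():
        names.update(definition.get("scopes", {}))
    return names


def resource_scopes(swagger):
    """Map (METHOD, path) -> sorted scope names attached to that operation.

    An operation-level "security" list replaces the top-level default.
    Alternative requirement objects are flattened into one set, which is
    enough for an audit but is not how a gateway should evaluate them.
    """
    oauth_names = set(oauth2_definitions(swagger))
    default = swagger.get("security", [])
    mapping = {}
    for path, item in swagger.get("paths", {}).items():
        for method in HTTP_METHODS:
            operation = item.get(method)
            if operation is None:
                continue
            needed = set()
            for requirement in operation.get("security", default):
                for definition_name, scopes in requirement.items():
                    if definition_name in oauth_names:
                        needed.update(scopes)
            mapping[(method.upper(), path)] = sorted(needed)
    return mapping


def audit(swagger):
    """Report naming and consistency problems before the API is deployed."""
    declared = declared_scopes(swagger)
    mapping = resource_scopes(swagger)
    used = {scope for scopes in mapping.values() for scope in scopes}
    return {
        "invalid_names": sorted(s for s in declared | used
                                if not SCOPE_TOKEN.fullmatch(s)),
        "undeclared": sorted(used - declared),
        "unused": sorted(declared - used),
        "unprotected": sorted(k for k, v in mapping.items() if not v),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_SWAGGER).items():
        print(key, value)
```

Running the audit when the swagger is saved, rather than at request time, keeps the per-request check to a lookup in the prebuilt resource-to-scope map.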
