[AIRAVATA-1624] [GSoC] Securing Airavata API - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: WISHLIST
Component/s: Airavata API
Labels:
- gsoc
- gsoc2015
- mentor

Description

Apache Airavata uses Thrift based API's for external facing API's and for system internal CPI's. The API's need to be secured adding authentication and authorization capabilities.

The Authentication need to ensure only approved users/clients can communicate. Similarly clients should only interact with valid servers.

Authorization need to be enforced to ensure only users with specific roles can appropriately access specific API's. As an example, administrative roles should be able see all the users experiments where as end users can only see his/her data and not access other information (unless explicitly shared).

Earlier GSoC project focused on this topic has relavent discussion.
https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Securing_ARAVATA_API_V1.pdf
06/Mar/15 20:49
235 kB
Hasini Gunasinghe

Issue Links

supercedes

AIRAVATA-1420 Add Security capabilities to Airavata Thrift services and clients

Closed

Sub-Tasks

1.	Implementation of OAuth request_code grant flow in pga	Closed	Supun Nakandala
2.	Enabling tls communication between PGA and Airavata	Closed	Supun Nakandala
3.	Integration of API security components & test the implementation	Closed	Supun Nakandala

Activity

People

Assignee:: Supun Nakandala

Reporter:: Suresh Marru

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 06/Mar/15 19:44

Updated:: 16/May/16 15:06

Resolved:: 16/May/16 15:06