Uploaded image for project: 'Airavata'
  1. Airavata
  2. AIRAVATA-1624

[GSoC] Securing Airavata API

    XMLWordPrintableJSON

Details

    Description

      Apache Airavata uses Thrift based API's for external facing API's and for system internal CPI's. The API's need to be secured adding authentication and authorization capabilities.

      The Authentication need to ensure only approved users/clients can communicate. Similarly clients should only interact with valid servers.

      Authorization need to be enforced to ensure only users with specific roles can appropriately access specific API's. As an example, administrative roles should be able see all the users experiments where as end users can only see his/her data and not access other information (unless explicitly shared).

      Earlier GSoC project focused on this topic has relavent discussion.
      https://cwiki.apache.org/confluence/display/AIRAVATA/GSoC+2014+-+Add+Security+capabilities+to+Airavata+Thrift+services+and+clients

      Attachments

        1. Securing_ARAVATA_API_V1.pdf
          235 kB
          Hasini Gunasinghe

        Issue Links

          Activity

            People

              scnakandala Supun Nakandala
              smarru Suresh Marru
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: