airavata-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Suresh Marru (JIRA)" <>
Subject [jira] [Created] (AIRAVATA-1624) [GSoC] Securing Airavata API
Date Fri, 06 Mar 2015 19:44:38 GMT
Suresh Marru created AIRAVATA-1624:

             Summary: [GSoC] Securing Airavata API
                 Key: AIRAVATA-1624
             Project: Airavata
          Issue Type: New Feature
          Components: Airavata API
            Reporter: Suresh Marru

Apache Airavata uses Thrift based API's for external facing API's and for system internal
CPI's. The API's need to be secured adding authentication and authorization capabilities.

The Authentication need to ensure only approved users/clients can communicate. Similarly clients
should only interact with valid servers. 

Authorization need to be enforced to ensure only users with specific roles can appropriately
access specific API's. As an example, administrative roles should be able see all the users
experiments where as end users can only see his/her data and not access other information
(unless explicitly shared). 

Earlier GSoC project focused on this topic has relavent discussion.

This message was sent by Atlassian JIRA

View raw message