[Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon

DANGERVILLE Cyril cyril.dangerville at thalesgroup.com
Mon May 13 14:27:05 CEST 2013

Previous message: [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon
Next message: [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,
I am one of the contact points; and yes, there is a first release of the Access Control GE that enables API access Control (combining Identity Management GE and XACML asset), which can be improved until June, of course. New features are already planned. Yet, if we have to define a use case scenario for the Live Demo, we have to do it quite in advance to make sure all the requirements are *actually* met by the current status of the GE, which is far from obvious, since there is a great range of possibilities in that domain.  We also have to make sure we have time to integrate the GE with the Demo Application in the time frame, depending on the complexity of the application.

Regards,
CD

---
Cyril Dangerville, CISSP
Thales Services
ThereSIS Innovation lab, ICT Security Unit

De : fiware-api-cross-bounces at lists.fi-ware.eu [mailto:fiware-api-cross-bounces at lists.fi-ware.eu] De la part de Fermín Galán Márquez
Envoyé : lundi 13 mai 2013 12:45
À : fiware-api-cross at lists.fi-ware.eu
Objet : Re: [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon

Hi,

I have an additional broad question related with API Access Control and Live Demo Application for all the involved partners (NSN/DT/UPM/Thales):

Will the API Access Control functionality be ready to be included as part of the next iteration of Live Demo Application during next review (June 12-13)? That means of course that it has to be ready in advance to that date, considering the integration and testing times.

In affirmative case, I need to know the contact point for this in order to define the utilization scenario in Live Demo Application.

Thanks!

Best regards,

------
Fermín

El 06/05/2013 4:07, Juanjo Hierro escribió:
Dear colleagues,

  I would like to have a session on Monday May 13 afternoon (Part II of the weekly joint WPLs/WPAs follow-up confcalls, from 14:30 to 16:00) to push activities related to the API Access Control framework we agree to offer to FI-WARE application developers in Release 2 (attached, for your convenience, the slides we agreed upon with the final reference architecture represented in the last slide).

  Despite I may come later this week with more details, there are a number of points I would like to tackle during that session which I can anticipate at this point:

 *   @NSN/DT: status regarding support of OAuth messages (steps 4, 6, 7, 11 and 12 in the last slide of the attached presentation illustrating the final reference architecture).   Could you point me out where in the IdM GE Open Specifications can I find the specification of the REST API that comprises the operations supporting these steps ?   If that REST API specification is a standard specification, it would be nice to see a link to it together with a statement about its support by the IdM GE.   It may have passed unadvertised to me, but I couldn't find anything like that ...
 *   @UPM: I would like to see an analysis of the APIs provided by the XACML PDP component (Access Control GE) to be provided by Thales:

    *   APIs to be invoked by the Proxy component
    *   APIs to be used by the FI-WARE OIL Portal, or application-specific portals, to configure access control policies to be enforced by the XACML PDP component (Access Control GE) by Thales

 *   @UPM: status of the implementation of the Proxy component that may interact both with Keystone components from OpenStack and the XACML PDP component (Access Control GE) by Thales
 *   @NSN/DT: status about implementation of APIs enabling creation/deletion/management of users and organization of users as well as the definition of attributes for both ... This would enable application providers or FI-WARE Instance Providers, among others, to define portals for management of application users ...  (note that very much related to this, I raise a hot issue below)

  Please book the proposed slot in your agendas.   If you can provide some input to the above questions in advance to the meeting, it would be rather nice.

  I take this opportunity to raise a number of hot issues I have detected while reviewing contents of the Security Chapter in the FI-WARE Architecture.   It would be nice to see some clarifications on your side ASAP:

 *   IdM GE API Open Specifications: Frankly speaking, I can't find any API specification associated to the FI-WARE IdM GE ... what you have there are the URLs of service endpoints linked to concrete instances of the IdM GE, provided by DT and NSN.   This might be useful information to publish in the tab "instances" linked to entries in the FI-WARE Catalogue associated to the IdM GEis implemented by NSN and DT ... but why is this stuff published as part of the IdM GE Open Specifications ?    I have found that a similar comment was raised by TID/UPM during the peer review but seems like it had been ignored ...   If part of the IdM GE API Open Specifications matches a given standard then you should provide a link to the published specs together with comments regarding level of support of the referred spec (e.g., may be not all the operations in the standard API you make a link to are supported in your implementation).    Besides, at one point you state: "Additional to the authentication and authorization interfaces the Identity Management GEs delivers a REST API for all functionalities regarding user and profile management" ... however I can't see that REST API specified anywhere ... Where is it ?  Last but not least, I have read in one of the comments that some of the examples you provide were related to OAuth 1.0 rather than OAuth 2.0 ... could you confirm that you will support OAuth 2.0 ?
 *   Access Control GE:  I read the following as part of the Open Specs and it rather seems inadmissible to me: "The API operations and associated datatypes are fully described in the Access Control GE - Authorization Restful API (fiware.access_control_ge.authz.api.wadl.zip) package available in document folder Cross Topics > APIs access control, monitoring and accounting of project FI-WARE Private".   Please, FI-WARE Open Specifications are public !  we cannot deliver something like this !


  Best regards,



-- Juanjo Hierro



-------------

Product Development and Innovation (PDI) - Telefonica Digital

website: www.tid.es<http://www.tid.es>

email: jhierro at tid.es<mailto:jhierro at tid.es>

twitter: twitter.com/JuanjoHierro



FI-WARE (European Future Internet Core Platform) Coordinator

and Chief Architect



You can follow FI-WARE at:

  website:  http://www.fi-ware.eu

  facebook: http://www.facebook.com/pages/FI-WARE/251366491587242

  twitter:  http://twitter.com/FIware

  linkedIn: http://www.linkedin.com/groups/FIWARE-4239932


________________________________

Este mensaje se dirige exclusivamente a su destinatario. Puede consultar nuestra política de envío y recepción de correo electrónico en el enlace situado más abajo.
This message is intended exclusively for its addressee. We only send and receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.fiware.org/private/fiware-api-cross/attachments/20130513/d45ff771/attachment.html>

Previous message: [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon
Next message: [Fiware-api-cross] Session about API Access Control on Monday May 13 afternoon
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Fiware-api-cross mailing list

You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy