Version 1

    Identified tasks for adding security to the AS7 management APIs: -


    DescriptionJira IssuesOwner
    Comments / Risks
    Define security configuration.

    General management API configuration.
    Login modules need to operate in non-AS domains.
    Anil / Marcus

    Add BASIC authenticator to HTTP API


    Add CLIENT-CERT type authenticator to HTTP API

    Ensure equivalent authentication possible through native API.

    Initial native API with Remoting.
    Security initialisation similar to subsystem initialisation.

    To review as much re-use of security extension in non AS.
    Interception of all inbound calls for authorization check.

    Initial check may just be that the calling user must have been authenticated.
    Define ACL scheme.

    Add ACL checking to authorization.

    Mechanism to provide users permissions to clients of the API.