Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

OAuth access and privacy

Hi everybody,

One of our users requested to be allowed to have access to our CLM by using OAuth (he's developing an application).
https://jazz.net/wiki/bin/view/Main/AppSdkDelegatingAuth#OAuth_Overview

I have investigated this and I have found out that there are several things that are not well defined (described):
1) How to limit the access of such an application (for example allow only to a specific project area BUT not breaking the privacy of the rest of the project areas)
2) How to define the rights that this application will have (allow create work items, but deny create project area or deny create users)?
3) How can we track the usage of such OAuth authentication? (In case we need to make a statistic of how many calls per week/day/month etc.)
4) License usage (how to assign a license for such a call etc.)

I'm asking these because these are quite important for my organization.

Thank you in advance,
Dacian

0 votes


Accepted answer

Hi Dacian,

My understanding of OAuth has always been that it is a supplement to the standard user/password authentication/authorization. All of what you describe above is, I would say, controlled by the latter.

I see OAuth as allowing the application access. But that is not enough; a user must also authenticate. If the OAuth dance fails, you don't get an opportunity to log in - you won't even get the login dialog. If it succeeds, then you log in and get to see what services are available to your user.

This is based on my observations of how the DOORS OSLC integrations work.  Maybe there is more to it and I could be wrong but I thought I would share anyway.  

HTH
Maeve
Dacian Hantig selected this answer as the correct answer

2 votes

Comments

That is basically right ... OAuth is just a way of authenticating, and once you have successfully authenticated via OAuth, you will be logged in as a given Jazz user, with only the rights of that user (i.e. no different than if you had logged in as that user via the Eclipse client, the Visual Studio client, the command line, or the web browser client).

Thank you Maeve OReilly and Geoffrey Clemm. Now it's clear for me!


Question asked: Apr 15 '14, 3:42 a.m.

Question was seen: 4,383 times

Last updated: Apr 16 '14, 3:30 a.m.
