1

So lately I've been reading a lot about Fiware, and I want to do some tests. I would like to create a website that will allow the creation of 2 types of users:

  • Users of type A will be able to add new points of interest on this website.
  • Users of type B will be able to edit those points of interest on this website.

Then when a user logs in, the website will check its type and will allow the user to do one thing or another.

Which global enablers can I use? So far I've found these GE to be of use for my project:

I haven't been able to understand much about the FIWARE cloud environment (the FIWARE Lab), and I don't know if it might be of use for me, if it is ready for production, etc., so I'm developing everything locally at the moment, and will eventually deploy to my server. May I use Sagitta (http://catalogue.fiware.org/enablers/software-deployment-configuration-sagitta) for the deployment process?

I've also read about other GEs such as KeyRock (http://catalogue.fiware.org/enablers/identity-management-keyrock), which deals with authentication. Can I use this to handle my users and their type, and make a login form using this?

fgalan
Ivan

2 Answers

1

About FIWARE's IdM GE: it is a slightly modified version of OpenStack's identity manager (http://docs.openstack.org/developer/keystone/). It consists of KeyRock and Horizon (which is the front-end application dashboard) and uses OAuth 2.0 for authorization, so it would be good to look a bit at its API.

Yes, you can implement login via a form; just send the data in JSON format. Here is an example of that data using curl:

curl -i \
  -H "Content-Type: application/json" \
  -d '
{ "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "idm",
          "domain": { "id": "default" },
          "password": "idm"
        }
      }
    }
  }
}' \
  http://192.168.4.33:5000/v3/auth/tokens ; echo

and get your authentication token. But the idea is to use this GE for authenticating users of multiple applications. When you register an application in Horizon, that application is assigned a client_id and secret_id, which you pass from your application along with the URL of Horizon and the callback URL via REST calls. Then the user will be redirected to the FIWARE account manager, where he can log in. After a successful login, the user is redirected back to the application, and at that moment you should save the token in the session.

Regarding your first question, inside Horizon you can define the HTTP methods users can invoke, so for the group of users that can only edit POIs, you could allow only the GET and PUT methods, and for those that should also create POIs you could add the POST method. Also take a look at this video: https://www.youtube.com/watch?v=uHLznMsnmTs

Milos Miletic
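The per-role HTTP method restriction described in the answer above, sketched as an application-side, deny-by-default check. This is an added example, not part of the original answer and not FIWARE code; the role names, the /poi paths and the shape of the session record are assumptions made for illustration.

```python
# Added example: deny-by-default check of HTTP verb + resource against role permissions.
# Role names, the /poi paths and the session/user record shape are assumptions.
import re

# Each role grants (HTTP verb, resource pattern) pairs, mirroring the answer:
# editors get GET and PUT only; creators additionally get POST.
ROLE_PERMISSIONS = {
    "poi_editor": [("GET", r"/poi(/[^/]+)?"), ("PUT", r"/poi/[^/]+")],
    "poi_creator": [("GET", r"/poi(/[^/]+)?"), ("PUT", r"/poi/[^/]+"),
                    ("POST", r"/poi")],
}


def is_allowed(user, method, path):
    """Return True only if one of the user's roles grants method on path."""
    method = method.upper()
    for role in user.get("roles", []):
        # Unknown roles grant nothing: the absence of a rule means deny.
        for verb, pattern in ROLE_PERMISSIONS.get(role, []):
            # fullmatch rejects extra path segments such as /poi/42/../x
            if verb == method and re.fullmatch(pattern, path):
                return True
    return False


def authorize(session, method, path):
    """Map a request to a status: 401 without a logged-in user, 403 if denied."""
    user = session.get("user")
    if user is None:
        return 401
    return 200 if is_allowed(user, method, path) else 403


# Constructed sessions, as they might look once login has stored the user.
EDITOR = {"user": {"name": "bob", "roles": ["poi_editor"]}}
CREATOR = {"user": {"name": "alice", "roles": ["poi_creator"]}}

if __name__ == "__main__":
    requests = (("GET", "/poi"), ("PUT", "/poi/42"), ("POST", "/poi"),
                ("DELETE", "/poi/42"))
    for label, sess in (("editor", EDITOR), ("creator", CREATOR), ("anonymous", {})):
        for method, path in requests:
            print(label, method, path, authorize(sess, method, path))
```
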
0

The POI Data Provider software found on GitHub now supports access control. You may use Google+ or FIWARE Lab authentication to log in to the service. There are 4 types of users:

  • Users of type A will be able to add new points of interest on this website.
  • Users of type B will be able to edit and delete those points of interest on this website.
  • Users of type C will be able to view points of interest on this website. This can be configured to also include unregistered users.
  • Users of type D (admins) will be able to manage users of this website.

See the Installation and Administration manual for detailed instructions.

Thank you for motivating development of this necessary feature!

Ari Okkonen