Re: [abacus] Usage processing authorization, was: Usage submission authorization
Hi all,toggle quoted messageShow quoted text
A few more thoughts on a different, but related subject.
We're using the resource provider's token and scopes to authorize usage
*submission* to our usage collector service. I agree with that and have
confirmed it in my answer to Piotr's question below.
It also looks like we're using the resource provider's token as well to
flow usage data through our usage *processing* pipeline (after we've
authorized the usage submission, validated that usage and taken
responsibility for it). I'm wondering if we couldn't find a better
approach, as we will run into a number of issues with this:
- processing delays in the pipeline can cause the token to expire, at that
point the resource provider is out of the loop, can't do anything about it,
and it won't make much sense anyway to ask the resource provider for a new
token way after it has submitted its usage;
- when restarting an Abacus service and recovering after a processing
interruption, we don't have a valid resource provider token either;
- more generally, I find a bit odd to use the resource provider's token in
usage processing steps down the Abacus pipeline, as they're really just
processing usage passed to them by the previous Abacus processing step (or
could have just read that usage from one of our usage DBs, and again the
resource provider wouldn't be so relevant as it wouldn't even have written
that usage to that DB itself.)
So, I'm wondering if it still makes sense to use the resource provider's
token inside our *asynchronous* usage *processing* pipeline. Shouldn't we
require the individual processing steps to obtain their own tokens instead?
On Tue, Oct 6, 2015 at 10:36 PM, Jean-Sebastien Delfino <jsdelfino(a)gmail.com
Hi Piotr,what kind of authorization is required to submit usage to Abacus ?scope, specific to resource or resource provider ?