Hi all, Please also consider the governance aspect of this, with reporting etc involved. One portion is the statistics/analytics (runtime aspect). The other portion is what information we need to collect to make Security Governance possible with IS. For example, we need to consider what information of IS is useful to make [1, 2] possible. Along these lines, we need to think how IS, G-Reg and other products being secured by IS can coordinate to capture required metrics.
[1] http://bezpeka.ladimir.kiev.ua/free-exam-aids/InfoSec_Guidance_for_Mgrs_Research_21May08.pdf [2] http://webcache.googleusercontent.com/search?q=cache:VRdIEpvuomAJ:www.cert.org/archive/pdf/GES_IG_1_0702.pdf+&cd=3&hl=en&ct=clnk&gl=lk Thanks, Senaka. On Tue, Jun 4, 2013 at 4:39 PM, Sanjeewa Malalgoda <[email protected]>wrote: > Hi, > > On Tue, Jun 4, 2013 at 4:21 PM, Prabath Siriwardena <[email protected]>wrote: > >> Hi Sanjeewa, >> >> In API Manager - can we get stats without BAM integration ? >> > No, we cant get full stats without having BAM2 (BAM2 capture events, store > and summarize). But we can show number of subscriptions and some other run > time data using what we have in APIM tables. > > Thanks, > Sanjeewa. > >> >> Thanks & regards, >> -Prabath >> >> >> On Mon, Jun 3, 2013 at 7:49 PM, Darshana Gunawardana >> <[email protected]>wrote: >> >>> Hi all, >>> >>> I have started on working $subject(as in our internal roadmap #602). >>> Final outcome of this should be, >>> >>> - a simple statistic publishing with IS alone and >>> - more complex statistic publishing with a BAM integration. >>> >>> I have done a background research on current approaches of statistic >>> publishing and found following approaches, >>> >>> - Application level publish - Used in APIM, App Factory etc. >>> - Log based publish - for ex.BAMLogEventAppender >>> >>> Both of these needed application level data push for the data bridge. >>> Hence if a new angle of statistics is needed, it has to be change the >>> source of the product to pump new data. But in this case it can be used >>> different steam definitions and would have less analytical overhead in bam >>> side. >>> >>> We had chat within the IS team and apart from the above approaches, came >>> across the the idea of publishing data from more bottom level, i.e. using a >>> tomcat valve. Here we pump all the requests to BAM and BAM toolboxes >>> analytics had to have additional work on data extraction apart from >>> analysis. But on the positive side, this reduces the code level changes to >>> the product and more dependency on the toolbox. I'm working on a PoC of >>> this approach. >>> >>> Any comments, suggestions are welcome. >>> >>> Thanks, >>> Darshana >>> >>> -- >>> Regards, >>> >>> * >>> Darshana Gunawardana >>> *Software Engineer >>> WSO2 Inc.; http://wso2.com* >>> E-mail: [email protected] >>> **Mobile: +94718566859 >>> *Lean . Enterprise . Middleware >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Mobile : +94 71 809 6732 >> >> http://blog.facilelogin.com >> http://RampartFAQ.com >> > > > > -- > * > * > *Sanjeewa Malalgoda* > WSO2 Inc. > Mobile : +94713068779 > > <http://sanjeewamalalgoda.blogspot.com/>blog > :http://sanjeewamalalgoda.blogspot.com/<http://sanjeewamalalgoda.blogspot.com/> > > > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- *Senaka Fernando* Member - Integration Technologies Management Committee; Technical Lead; WSO2 Inc.; http://wso2.com* Member; Apache Software Foundation; http://apache.org E-mail: senaka AT wso2.com **P: +1 408 754 7388; ext: 51736*; *M: +94 77 322 1818 Linked-In: http://linkedin.com/in/senakafernando *Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
