Two main use cases here: 1) straight pass through of security credentials submitted by client
2) credential mediation where the gateway recognizes the client identity and maps the credentials into the format suitable for the back-end service. For scenario #2, Defining the credential mediation between front-end credentials and back-end credentials would ideally rely on capabilities within the WSO2 Identity Server. Ideally, WSO2 APIM would plug in an Identity Server UI into the API Publisher page for the 'create/edit api' task. Credential mapping would ideally be centrally stored in the user repository, and Identity Server could manage the mappings. /Chris On Aug 18, 2013, at 1:01 AM, Sanjiva Weerawarana <[email protected]> wrote: > Guys what have we done for secured backend services so far? Which of these do > we support: > > - HTTP Basic Auth > - OAuth > - HTTP Digest Auth > - WS-Sec UT > - WS-Sec whatever the other thing is > - what else? > > Given the requirement pretty much on the ESB what else do we need to support? > > Sanjiva. > -- > Sanjiva Weerawarana, Ph.D. > Founder, Chairman & CEO; WSO2, Inc.; http://wso2.com/ > email: [email protected]; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1 > 650 265 8311 > blog: http://sanjiva.weerawarana.org/ > > Lean . Enterprise . Middleware > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
