Hi all, We were discussing ways of implementing the above feature.
As of now, for supporting mutual SSL in API Gateway, dynamic SSL Profiles are used [1 <http://ishara-cooray.blogspot.com/2016/07/how-to-secure-your-backend-services-and.html> ][2 <http://jagathsa.blogspot.com/2015/09/dynamic-ssl-profiles-in-wso2-esb-490.html> ] There, keystores and truststores can be configured dynamically per backend endpoint (ip and port). But the limitation in here is, those cannot configured per-tenant basis as SSL profile is bound to a transport and the transports are not tenant aware. As we can see, we have following two options. 1. Enhance the transports to be tenant aware, so that per tenant profiles can be maintained. or 2. Deploying per tenant API Gateway nodes Any thoughts on those are highly appreciated. [1] http://ishara-cooray.blogspot.com/2016/07/how-to-secure-your-backend-services-and.html [2] http://jagathsa.blogspot.com/2015/09/dynamic-ssl-profiles-in-wso2-esb-490.html Thanks, Sajith -- Sajith Kariyawasam *Associate Tech Lead* *WSO2 Inc.; http://wso2.com <http://wso2.com/>* *Committer and PMC member, Apache Stratos * *AMIE (SL)* *Mobile: 0772269575*
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
