On Thu, Oct 6, 2016 at 10:44 AM, Sajith Kariyawasam <[email protected]> wrote:
> Hi all, > > We were discussing ways of implementing the above feature. > > As of now, for supporting mutual SSL in API Gateway, dynamic SSL Profiles > are used [1 > <http://ishara-cooray.blogspot.com/2016/07/how-to-secure-your-backend-services-and.html> > ][2 > <http://jagathsa.blogspot.com/2015/09/dynamic-ssl-profiles-in-wso2-esb-490.html> > ] > There, keystores and truststores can be configured dynamically per backend > endpoint (ip and port). > > But the limitation in here is, those cannot configured per-tenant basis as > SSL profile is bound to a transport and the transports are not tenant aware. > > As we can see, we have following two options. > > 1. Enhance the transports to be tenant aware, so that per tenant profiles > can be maintained. > SSL handshake happens at the initial stage of the communication and the transport will not become optimized with this. > or > > 2. Deploying per tenant API Gateway nodes > Container per tenant make sense. > > > Any thoughts on those are highly appreciated. > > [1] http://ishara-cooray.blogspot.com/2016/07/how-to-secure- > your-backend-services-and.html > [2] http://jagathsa.blogspot.com/2015/09/dynamic-ssl-profiles- > in-wso2-esb-490.html > > > Thanks, > Sajith > > -- > Sajith Kariyawasam > *Associate Tech Lead* > *WSO2 Inc.; http://wso2.com <http://wso2.com/>* > *Committer and PMC member, Apache Stratos * > *AMIE (SL)* > *Mobile: 0772269575 <0772269575>* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Best Regards, Malaka Silva Senior Technical Lead M: +94 777 219 791 Tel : 94 11 214 5345 Fax :94 11 2145300 Skype : malaka.sampath.silva LinkedIn : http://www.linkedin.com/pub/malaka-silva/6/33/77 Blog : http://mrmalakasilva.blogspot.com/ WSO2, Inc. lean . enterprise . middleware https://wso2.com/signature http://www.wso2.com/about/team/malaka-silva/ <http://wso2.com/about/team/malaka-silva/> https://store.wso2.com/store/ Don't make Trees rare, we should keep them with care
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
