On Mon, Oct 10, 2016 at 6:18 PM, Nuwan Dias <nuw...@wso2.com> wrote:
> With the current efforts on moving to C5 based architecture, API Manager
> plans to rely on standalone IS (without installing features) so that it can
> operate as the Key Manager for the API Gateway. In order to achieve this,
> there are a few feature gaps in IS we have identified earlier that need to
> be filled in. Please see the list below.
> 1. A Dynamic Client Registration Endpoint
> When users create Applications and Keys on the API Store, we need to call
> an Endpoint on IS to register the Application. Once an Application is
> registered, API Manager also requires an endpoint to retrieve the
> Application's information by querying using the Application name.
> 2. A Resource Registration Endpoint
> When defining scopes and associating Resources to scopes, it is required
> to register these scopes on IS. Scopes should also have a role (or similar)
> binding so that we can perform RBAC (at a minimal) for scopes. It is ideal
> to make this an extensible framework so that others could associate thing
> like permissions to scope as well.
> 3. A Resource Validation Endpoint against scopes
> When the Gateway grants access on a particular token to a resource, it
> needs to check if the given token bears the necessary scope to access that
Does Gateway has to call IS for token validation for each API call? Won't
that degrade performance?
> At the moment we have identified the above 3 as mandatory features to be
> supported by IS if the said integration is to be feasible. We would be
> grateful if these could be taken into consideration when IS is being built
> on C5.
> Nuwan Dias
> Software Architect - WSO2, Inc. http://wso2.com
> email : nuw...@wso2.com
> Phone : +94 777 775 729
> Architecture mailing list
Senior Software Engineer - API Technologies
Email : abima...@wso2.com
Mobile : +94 773922820
Architecture mailing list