On Tue, Oct 11, 2016 at 12:59 PM, Bhathiya Jayasekara <[email protected]> wrote:
> Hi Abimaran, > > On Tue, Oct 11, 2016 at 12:32 PM, Abimaran Kugathasan <[email protected]> > wrote: > >> >> >> On Mon, Oct 10, 2016 at 6:18 PM, Nuwan Dias <[email protected]> wrote: >> >>> Hi, >>> >>> With the current efforts on moving to C5 based architecture, API Manager >>> plans to rely on standalone IS (without installing features) so that it can >>> operate as the Key Manager for the API Gateway. In order to achieve this, >>> there are a few feature gaps in IS we have identified earlier that need to >>> be filled in. Please see the list below. >>> >>> 1. A Dynamic Client Registration Endpoint >>> >>> When users create Applications and Keys on the API Store, we need to >>> call an Endpoint on IS to register the Application. Once an Application is >>> registered, API Manager also requires an endpoint to retrieve the >>> Application's information by querying using the Application name. >>> >>> 2. A Resource Registration Endpoint >>> >>> When defining scopes and associating Resources to scopes, it is required >>> to register these scopes on IS. Scopes should also have a role (or similar) >>> binding so that we can perform RBAC (at a minimal) for scopes. It is ideal >>> to make this an extensible framework so that others could associate thing >>> like permissions to scope as well. >>> >>> 3. A Resource Validation Endpoint against scopes >>> >>> When the Gateway grants access on a particular token to a resource, it >>> needs to check if the given token bears the necessary scope to access that >>> resource. >>> >> >> >> Does Gateway has to call IS for token validation for each API call? Won't >> that degrade performance? >> > > Isn't this the same thing we already have solved using gateway cache? I > don't think that's going to be any different with new approach. > Currently Gateway and Key Manager (Key Manager profile of API Manager ) uses Thrift protocol for communication, but, Identity Server don't support Thrift protocol, so, we have to use REST/SOAP for all the communications. Thrift is comparatively faster the any HTTP based protocols. > > Thanks, > Bhathiya > > >> >> >>> >>> At the moment we have identified the above 3 as mandatory features to be >>> supported by IS if the said integration is to be feasible. We would be >>> grateful if these could be taken into consideration when IS is being built >>> on C5. >>> >>> Thanks, >>> NuwanD. >>> >>> -- >>> Nuwan Dias >>> >>> Software Architect - WSO2, Inc. http://wso2.com >>> email : [email protected] >>> Phone : +94 777 775 729 >>> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Thanks >> Abimaran Kugathasan >> Senior Software Engineer - API Technologies >> >> Email : [email protected] >> Mobile : +94 773922820 >> >> <http://stackoverflow.com/users/515034> >> <http://lk.linkedin.com/in/abimaran> >> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> >> <https://twitter.com/abimaran> >> >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Bhathiya Jayasekara* > *Senior Software Engineer,* > *WSO2 inc., http://wso2.com <http://wso2.com>* > > *Phone: +94715478185 <%2B94715478185>* > *LinkedIn: http://www.linkedin.com/in/bhathiyaj > <http://www.linkedin.com/in/bhathiyaj>* > *Twitter: https://twitter.com/bhathiyax <https://twitter.com/bhathiyax>* > *Blog: http://movingaheadblog.blogspot.com > <http://movingaheadblog.blogspot.com/>* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks Abimaran Kugathasan Senior Software Engineer - API Technologies Email : [email protected] Mobile : +94 773922820 <http://stackoverflow.com/users/515034> <http://lk.linkedin.com/in/abimaran> <http://www.lkabimaran.blogspot.com/> <https://github.com/abimarank> <https://twitter.com/abimaran>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
