On Mon, Jan 16, 2017 at 9:38 AM, Bhathiya Jayasekara <[email protected]> wrote:
> Hi all, > > I'd like to add another related concern here. There can be internal APIs > (server to server) which may not be exposed to the outside. For example, > context loading and subscription loading APIs between API Gateway and API > Core. For them, I don't think we need OAuth or any kind of authorization > mechanism because it simply needs some kind of authentication mechanism > only. I believe we can use mutual SSL for this. But since these APIs are > msf4j services, we will need per-service mutual SSL support from msf4j. > Yes, that makes sense. I don't think we should categorize those as product APIs since they're meant for internal components of the product to communicate with each other. > > Thanks, > Bhathiya > -- Nuwan Dias Software Architect - WSO2, Inc. http://wso2.com email : [email protected] Phone : +94 777 775 729
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
