Hi Isuru,

On Fri, Jan 27, 2017 at 7:25 AM, Isuru Haththotuwa <[email protected]> wrote:

>
>
> On Thu, Jan 12, 2017 at 5:12 PM, Nuwan Dias <[email protected]> wrote:
>
>>
>>
>> On Wed, Jan 11, 2017 at 6:40 PM, Bhathiya Jayasekara <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> Up to APIM 2.x.x (C4 implementation), APIM had its own key management
>>> component, and subscription validation was done by that component when a
>>> token validation request is received to the keymanager. But with C5
>>> implementation, a vanilla Identity Server will be acting as the keymanager.
>>> Because of that, we can't do subscription validation at keymanager anymore.
>>>
>>>
>>> Therefore, with C5, the plan is to do the subscription validation at
>>> gateway itself. But, since gateways don't have direct access to the
>>> database (as it should be able to run in DMZ), we should have a way to get
>>> subscription data to gateway nodes. Here is the suggested design.
>>>
>>> Gateways can receive subscription data in 2 ways.
>>>
>>> 1) Load all subscription data at server startup
>>>
>>> For this, APIM Core component will have a service to return all
>>> subscriptions of all APIs.
>>>
>>
>> I think this API should accept the number of Subs to load on startup. In
>> the initial version we will support 0 and all only. 0 being the default
>> (which means we load Subs on demand). Moving forward we can enhance this by
>> using different policies such as 'most recent', 'most used', etc.
>>
> May not need to address in the initial implementation, but IMHO if we are
> going to give an option to load all subscriptions at startup, should
> consider the impact on the startup time as well; either make it async or
> consider loading only a skeleton of a Subscription at startup, and then
> load other details when required.
>

Subscription data is a set of key-value pairs. So it's kind of hard to
define a summary (or a skeleton) of it. And once we can let users define
a policy and a limit as Nuwan suggested, they can set it as per the
performance requirement they have.

But as you have suggested, we can test this for performance and make it
async if required.

Thanks,
Bhathiya


>
>>> 2) Load subscription data on-demand depending on the API requests it
>>> receives.
>>>
>>> For this, APIM Core component will have a service to return
>>> subscriptions of a given API.
>>>
>>> In either case, gateways store received subscription data in an
>>> in-memory data structure. Therefore, gateways should receive subscription
>>> updates (new subscriptions/unsubscribe notifications etc.) too. We are
>>> planning to do this using a JMS topic. (This will not be limited to JMS and
>>> will be configurable later.) When there are any updates to subscriptions,
>>> APIM Core component will add that information to a topic, to which gateways
>>> are subscribed. Then gateways can update their subscription data which
>>> they have stored in memory.
>>>
>>> Then we will have a handler at the gateway (most probably the Key
>>> validation handler itself) to use stored subscription data to validate
>>> subscriptions of incoming requests.
>>>
>>>
>>> Note: The subscription data received by the gateway from APIM core will
>>> contain certain API and Application related information as well. The reason
>>> is that we have decided to generate JWT tokens at gateway nodes. So we need
>>> those data to include in the JWT.
>>>
>>> Thanks,
>>> --
>>> *Bhathiya Jayasekara*
>>> *Senior Software Engineer,*
>>> *WSO2 inc., http://wso2.com*
>>>
>>> *Phone: +94715478185*
>>> *LinkedIn: http://www.linkedin.com/in/bhathiyaj*
>>> *Twitter: https://twitter.com/bhathiyax*
>>> *Blog: http://movingaheadblog.blogspot.com*
>>>
>>
>>
>>
>> --
>> Nuwan Dias
>>
>> Software Architect - WSO2, Inc. http://wso2.com
>> email : [email protected]
>> Phone : +94 777 775 729
>>
>> _______________________________________________
>> Architecture mailing list
>> [email protected]
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Thanks and Regards,
>
> Isuru H.
> +94 716 358 048 <http://wso2.com/>
>
>
>
>
>


-- 
*Bhathiya Jayasekara*
*Senior Software Engineer,*
*WSO2 inc., http://wso2.com*

*Phone: +94715478185*
*LinkedIn: http://www.linkedin.com/in/bhathiyaj*
*Twitter: https://twitter.com/bhathiyax*
*Blog: http://movingaheadblog.blogspot.com*
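
The gateway-side design discussed in this thread (startup load, on-demand load per API, topic-driven updates, validation in a handler), as an added example that is not code from the thread or from WSO2 API Manager. Class, method and event field names are hypothetical; a callable stands in for the Core service and plain dicts stand in for topic messages. Rejecting the request when Core cannot be reached is an assumption of this example, not something the thread specifies.

```python
import threading


class SubscriptionStore:
    """Gateway-side in-memory subscription cache; all names are hypothetical."""

    def __init__(self, fetch_api_subscriptions):
        # fetch_api_subscriptions(api_id) -> {app_id: details} stands in for the
        # Core service returning the subscriptions of one API (assumed shape).
        self._fetch = fetch_api_subscriptions
        self._subs = {}  # api_id -> {app_id: key-value details}
        self._lock = threading.Lock()

    def preload(self, all_subscriptions):
        """Startup path: install the 'all subscriptions of all APIs' response."""
        with self._lock:
            self._subs = {api: dict(apps) for api, apps in all_subscriptions.items()}

    def on_update(self, event):
        """Topic listener: apply one subscribe/unsubscribe notification."""
        with self._lock:
            apps = self._subs.get(event["api_id"])
            if apps is None:
                return  # API not cached; the on-demand load fetches current state
            if event["type"] == "SUBSCRIBE":
                apps[event["app_id"]] = dict(event.get("details", {}))
            elif event["type"] == "UNSUBSCRIBE":
                apps.pop(event["app_id"], None)

    def validate(self, api_id, app_id):
        """Return a copy of the subscription details, or None to reject."""
        # The lock is held across the fetch so an update that arrives meanwhile
        # is applied after the fetched snapshot is installed, never lost.
        with self._lock:
            if api_id not in self._subs:
                try:
                    self._subs[api_id] = dict(self._fetch(api_id))
                except Exception:
                    return None  # Core unreachable: reject, cache nothing
            details = self._subs[api_id].get(app_id)
            return dict(details) if details is not None else None


def demo():
    core = {"pizza-api": {"app-1": {"tier": "Gold"}}}  # constructed sample data
    store = SubscriptionStore(lambda api_id: core[api_id])
    first = store.validate("pizza-api", "app-1")
    store.on_update({"type": "UNSUBSCRIBE", "api_id": "pizza-api", "app_id": "app-1"})
    return first, store.validate("pizza-api", "app-1")
```

Holding the lock across the fetch trades request latency for correctness: an unsubscribe published while an API is being loaded is applied to the loaded data instead of being dropped.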