On Fri, Sep 1, 2017 at 2:26 PM, Lakmal Warusawithana <[email protected]> wrote:
> Hi Asela, > > From APIM v3, we are going to use standard IS. That mean, thrift will not > support from v3 onward. Since we have WSClient option is supported in the > current APIM and recommended in load balance scenario, IMO fixing this will > not get huge advantages. If we want to fix, #2 will be the easy option. > > WDYT? > > Yes it is fine. Also WSO2IS can probably expose a key validation using thrift, if it can provide better performance figures @IS team any thoughts on this ? Thanks, Asela. > thanks > > On Fri, Sep 1, 2017 at 12:55 PM, Asela Pathberiya <[email protected]> wrote: > >> Hi APIM team, >> >> According to the docs; We are not recommending the thrift protocol to >> communicate with GW and KM when even TCP load balancer is used. >> >> The problem is that; thrift connection must be authenticated & thrift >> session is not replicated among key manager nodes. >> >> IMO; we have three solution for this. >> >> 1. Replicate thrift session in KM nodes >> >> 2. Client side load balancing >> >> 3. Sending authentication credentials from GW to KM in every request. >> This has been implemented in WSO2IS for XACML PDP. You can find the >> details [1] & sample thrift client [2] >> >> We can easily implement approach 3, Shall we consider this for next APIM >> release ? >> >> [1] http://xacmlinfo.org/2014/04/11/thrift-load-balancing/ >> [2] https://svn.wso2.org/repos/wso2/people/asela/xacml/pep/thrift-LB >> >> Thanks, >> Asela. >> >> >> -- >> Thanks & Regards, >> Asela >> >> ATL >> Mobile : +94 777 625 933 <+94%2077%20762%205933> >> +358 449 228 979 >> >> http://soasecurity.org/ >> http://xacmlinfo.org/ >> > > > > -- > Lakmal Warusawithana > Senior Director - Cloud Architecture; WSO2 Inc. > Mobile : +94714289692 <+94%2071%20428%209692> > Blogs : https://medium.com/@lakwarus/ > http://lakmalsview.blogspot.com/ > > > -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933 +358 449 228 979 http://soasecurity.org/ http://xacmlinfo.org/
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
