As per @Bhathiya, we can separate the IDP and KeyManager interfaces.
With the current state, it's possible to plug in a third-party key
manager without affecting REST API security.
On Thu, Feb 22, 2018 at 6:15 PM, Pubudu Gunatilaka <pubu...@wso2.com> wrote:
> Hi Harsha,
> On Thu, Feb 22, 2018 at 5:33 PM, Harsha Kumara <hars...@wso2.com> wrote:
>> Hi All,
>> This is to discuss the security of REST APIs exposed from the carbon-auth and
>> carbon-apimgt components. We are mainly using OAuth as the primary protection
>> for the REST APIs, and scopes are used for authorization purposes.
>> Currently, the following APIs are exposed from the components that lie in these two
>> main repositories.
>> Protected APIs with OAuth
>> - /api/am/publisher/v1.0 - Publisher REST APIs
>> - /api/am/store/v1.0 - Store REST APIs
>> - /api/am/admin/v1.0 - Admin REST APIs
>> - /api/am/analytics/v1.0 - Analytic REST APIs
> We have another REST API called the core API (/api/am/core/v1.0), which is for
> internal server communications. This is planned to be secured by mutual SSL.
> Thank you!
> *Pubudu Gunatilaka*
> Committer and PMC Member - Apache Stratos
> Senior Software Engineer
> WSO2, Inc.: http://wso2.com
> mobile : +94774078049
Software Engineer, WSO2 Inc.
Architecture mailing list