IMO we will need to have two interceptor layers. One for the carbon-apimgt
repo and another for the carbon-auth repo. The interceptor in the
carbon-apimgt layer will have to solely rely on the KeyManager interface.
The default implementation of the KeyManager interface will have to rely on
the functionalities offered by the authenticators in the carbon-auth repo.
The interceptors in the carbon-auth repo will solely rely on the
authenticators in its own repo. It'll be only the authenticators that will
know how to create and validate keys and tokens.

On Fri, Feb 23, 2018 at 1:04 PM, Harsha Kumara <hars...@wso2.com> wrote:

> As per @Bhathiya, we can separate the IDP and KeyManager interfaces.
> With the current state, it's possible to plug in a third-party key
> manager without affecting REST API security.
>
> On Thu, Feb 22, 2018 at 6:15 PM, Pubudu Gunatilaka <pubu...@wso2.com>
> wrote:
>
>> Hi Harsha,
>>
>> On Thu, Feb 22, 2018 at 5:33 PM, Harsha Kumara <hars...@wso2.com> wrote:
>>
>>> Hi All,
>>>
>>> This is to discuss the security of REST APIs exposed from carbon-auth
>>> and carbon-apimgt components. We are mainly using OAuth as the primary
>>> protection for the REST APIs, and scopes are used for authorization
>>> purposes. Currently the following APIs are exposed from the components
>>> that lie in these two main repositories.
>>>
>>> *carbon-apimgt*
>>>
>>> Protected APIs with OAuth
>>> - /api/am/publisher/v1.0 - Publisher REST APIs
>>> - /api/am/store/v1.0 - Store REST APIs
>>> - /api/am/admin/v1.0 - Admin REST APIs
>>> - /api/am/analytics/v1.0 - Analytic REST APIs
>>>
>>>
>> We have another REST API called the core API (/api/am/core/v1.0), which is
>> for internal server communications. This is planned to be secured by mutual SSL.
>>
>> Thank you!
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Senior Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049
>>
>>
>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618
> Blog: harshcreationz.blogspot.com
>



-- 
Nuwan Dias

Software Architect - WSO2, Inc. http://wso2.com
email : nuw...@wso2.com
Phone : +94 777 775 729
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
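
The layering proposed in the top message, sketched as an added example that is not part of the original thread or of the carbon-apimgt/carbon-auth code; every type, method, token and scope name in it is hypothetical. The API-side interceptor depends only on a KeyManager contract, so a third-party key manager can replace the default one without touching the REST API check.

```java
import java.util.*;

// All names are hypothetical; this is not the carbon-apimgt or carbon-auth API.
public class InterceptorLayers {
    record TokenInfo(boolean active, Set<String> scopes) {}

    // carbon-auth side: only authenticators know how to validate tokens.
    interface Authenticator { TokenInfo validate(String token); }

    // carbon-apimgt side: the only contract its interceptor depends on.
    interface KeyManager { TokenInfo introspect(String token); }

    // Default KeyManager delegates to a carbon-auth authenticator.
    record DefaultKeyManager(Authenticator auth) implements KeyManager {
        public TokenInfo introspect(String token) { return auth.validate(token); }
    }

    // REST API interceptor: bearer token plus required scope, failing closed.
    record RestApiInterceptor(KeyManager km) {
        int check(String authzHeader, String requiredScope) {
            if (authzHeader == null || !authzHeader.startsWith("Bearer ")) return 401;
            String token = authzHeader.substring(7).trim();
            if (token.isEmpty()) return 401;
            TokenInfo info;
            try {
                info = km.introspect(token);
            } catch (RuntimeException e) {
                return 401; // a key manager failure must never grant access
            }
            if (info == null || !info.active()) return 401;
            return info.scopes().contains(requiredScope) ? 200 : 403;
        }
    }

    public static void main(String[] args) {
        // Constructed sample token store standing in for carbon-auth.
        Map<String, TokenInfo> issued = Map.of(
            "tok-ok", new TokenInfo(true, Set.of("demo:view")),
            "tok-old", new TokenInfo(false, Set.of("demo:view")));
        Authenticator oauth = issued::get;
        RestApiInterceptor i = new RestApiInterceptor(new DefaultKeyManager(oauth));
        System.out.println(i.check("Bearer tok-ok", "demo:view"));   // valid token and scope
        System.out.println(i.check("Bearer tok-ok", "demo:create")); // scope missing
        System.out.println(i.check("Bearer tok-old", "demo:view"));  // inactive token
        System.out.println(i.check("Basic abc", "demo:view"));       // not a bearer token
        // Third-party key manager plugged in; the interceptor is unchanged.
        KeyManager thirdParty = t -> new TokenInfo("ext-1".equals(t), Set.of("demo:view"));
        System.out.println(new RestApiInterceptor(thirdParty).check("Bearer ext-1", "demo:view"));
    }
}
```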
