IMO we will need to have two interceptor layers. One for the carbon-apimgt repo and another for the carbon-auth repo. The interceptor in the carbon-apimgt layer will have to solely rely on the KeyManager interface. The default implementation of the KeyManager interface will have to rely on the functionalities offered by the authenticators in the carbon-auth repo. The interceptors in the carbon-auth repo will solely rely on the authenticators in its own repo. It'll be only the authenticators that will know how to create and validate keys and tokens.
On Fri, Feb 23, 2018 at 1:04 PM, Harsha Kumara <[email protected]> wrote:

> As per @Bhathiya, we can separate the IDP and KeyManager interfaces. With the current state, it's possible to plug a third-party key manager without affecting REST API security.
>
> On Thu, Feb 22, 2018 at 6:15 PM, Pubudu Gunatilaka <[email protected]> wrote:
>
>> Hi Harsha,
>>
>> On Thu, Feb 22, 2018 at 5:33 PM, Harsha Kumara <[email protected]> wrote:
>>
>>> Hi All,
>>>
>>> This is to discuss the security of REST APIs exposed from the carbon-auth and carbon-apimgt components. We are mainly using OAuth as the primary protection for the REST APIs, and scopes are used for authorization purposes. Currently the following APIs are exposed from the components lying in these two main repositories.
>>>
>>> *carbon-apimgt*
>>>
>>> Protected APIs with OAuth
>>> - /api/am/publisher/v1.0 - Publisher REST APIs
>>> - /api/am/store/v1.0 - Store REST APIs
>>> - /api/am/admin/v1.0 - Admin REST APIs
>>> - /api/am/analytics/v1.0 - Analytic REST APIs
>>>
>>
>> We have another REST API called core API (/api/am/core/v1.0) which is for internal server communications. This is planned to be secured by mutual SSL.
>>
>> Thank you!
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Senior Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049
>>
>
> --
> Harsha Kumara
> Software Engineer, WSO2 Inc.
> Mobile: +94775505618
> Blog: harshcreationz.blogspot.com

--
Nuwan Dias
Software Architect - WSO2, Inc.
http://wso2.com
email : [email protected]
Phone : +94 777 775 729
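As an added illustration of the layering Nuwan describes (this is not code from the carbon-apimgt or carbon-auth projects): the interceptor depends only on a KeyManager contract, so the default implementation backed by the local authenticator and a third-party key manager can be swapped without touching the scope enforcement for the OAuth-protected API prefixes listed in the thread. Class names, the token formats and the scope strings are assumptions.

```python
import hmac
from typing import Dict, Iterable, NamedTuple, Protocol

# Hypothetical model of the layering discussed above; all names and scope strings are assumptions.
class TokenInfo(NamedTuple):
    valid: bool
    scopes: frozenset = frozenset()

class KeyManager(Protocol):  # the only contract the carbon-apimgt interceptor depends on
    def validate_token(self, token: str) -> TokenInfo: ...

class LocalAuthKeyManager:
    """Default implementation: delegates to the local authenticator's issued-token table (constructed)."""
    def __init__(self, issued: Dict[str, Iterable[str]]):
        self._issued = {t: frozenset(s) for t, s in issued.items()}
    def validate_token(self, token: str) -> TokenInfo:
        scopes = self._issued.get(token)
        return TokenInfo(True, scopes) if scopes is not None else TokenInfo(False)

class ThirdPartyKeyManager:
    """Pluggable replacement: self-contained tokens '<scopes>.<hmac>' that it signs and verifies itself (constructed)."""
    def __init__(self, secret: bytes):
        self._secret = secret
    def _mac(self, body: str) -> str:
        return hmac.new(self._secret, body.encode(), "sha256").hexdigest()
    def issue(self, scopes: Iterable[str]) -> str:
        body = ",".join(sorted(scopes))
        return f"{body}.{self._mac(body)}"
    def validate_token(self, token: str) -> TokenInfo:
        body, _, mac = token.rpartition(".")
        if not body or not hmac.compare_digest(mac.encode(), self._mac(body).encode()):
            return TokenInfo(False)  # tampered scopes or wrong issuer fail closed
        return TokenInfo(True, frozenset(body.split(",")))

# Scope each OAuth-protected API prefix named in the thread requires (scope names assumed).
REQUIRED_SCOPE = {
    "/api/am/publisher/v1.0": "apim:api_create", "/api/am/store/v1.0": "apim:subscribe",
    "/api/am/admin/v1.0": "apim:admin", "/api/am/analytics/v1.0": "apim:analytics_view",
}

def intercept(km: KeyManager, path: str, headers: Dict[str, str]) -> int:
    """Interceptor decision as an HTTP status: 200 allow, 401 bad/missing token, 403 missing scope, 404 unknown API."""
    prefix = next((p for p in REQUIRED_SCOPE if path == p or path.startswith(p + "/")), None)
    if prefix is None:
        return 404
    auth = headers.get("Authorization", "")
    info = km.validate_token(auth[7:].strip()) if auth.startswith("Bearer ") else TokenInfo(False)
    if not info.valid:
        return 401
    return 200 if REQUIRED_SCOPE[prefix] in info.scopes else 403
```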
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
