Hi, Some references [1, 2, 3] that I think better describe the relationship between APIM & Istio. Differences in the security. For example, API management often uses techniques such as basic HTTP authentication, OAuth and application key/secret pairs to protect exposed APIs. A service mesh is often used to enforce mutual TLS, and introduce granular role-based access control between components within the mesh.
"Istio can already validate JWTs and enforce basic rate limiting. See docs here and here. Those are fine for some use cases (not many unique clients), but you may want to have a system that isn't dependent on CRDs for clients or individual rate limits. To show that, we've released a Mixer adapter that is an integration with our Apigee Edge enterprise API management product. This allows you to use Apigee for, for example, creation of API keys or client IDs (Apigee has a portal in which your customers can create their own credentials self-service) and rate limits. Istio can then enforce the policies defined in the api management system by way of a Mixer adapter." [4] [1] Comparing a service mesh with API management in a microservice architecture by Kim Clark (https://developer.ibm.com/apiconnect/2018/11/13/service-mesh-vs-api-management/) [2] Part 1: Istio Service Mesh and APIConnect/DataPower Gateway integration by Krithika Prakash (https://developer.ibm.com/apiconnect/2018/11/13/part-1-istio-and-apic-datapower-integration/) [3] API and Microservice Management Technical Whitepaper Part 1 (https://developer.ibm.com/apiconnect/2018/07/25/api-connect-istio-side-side-perspective-get-white-paper/) [4] (https://groups.google.com/d/msg/istio-users/zKtk4uswGLQ/obDFaHdhBQAJ) Thanks Youcef HILEM -- Sent from: http://wso2-oxygen-tank.10903.n7.nabble.com/WSO2-Architecture-f62919.html _______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
