Hi Sanjula, Thanks for the response. Please see my comments below.
On Wed, Jul 31, 2019 at 2:18 PM Sanjula Madurapperuma <sanj...@wso2.com> wrote: > Hi Chanaka, > > On Mon, Jul 29, 2019 at 11:04 AM Chanaka Fernando <chana...@wso2.com> > wrote: > >> >> - According to the diagram, we integrate with this 42Crunch security >> audit platform at the time of the "design" phase. Based on our current >> implementation, at the "Design" phase, we have not added security, >> throttling, mediation or endpoint security capabilities into the API. If >> we >> go down the path of "Creating an API from Scratch", we only have the >> information like API name, context, methods, versioning, etc. at the >> design >> phase. At this point, doing an audit on security, transports would be >> premature since we haven't enabled them yet. Could you please explain the >> reasoning behind this? >> >> With regards to this concern, the Security Audit feature will be > accessible to the user not at the creation of the API but at any stage > afterward when the user needs to edit the definition of the API. In the new > API Manager (v.3.0) we don't need to worry about the wizard, specifically, > the Design, Implement and Manage tabs when creating an API because, in the > new version, API creation is made to have a minimalistic design for the > user to easily create an API. There is a separate section named "API > Definition" after API creation where the Security Audit feature will be > accessible. > My comment was based on the diagram you had in your email. That didn't mention anything about APIM 3.0, minimalistic design, etc. That diagram depicted that you are doing the audit at the design phase. If your implementation is different than that, please update the diagram and share that in this thread so that everyone understands what is actually implemented. > > >> - With the new microgateway and CI/CD based approaches, having a >> similar capability through our CLI tool would be a great feature to have. >> Do we have any plans on integrating this capability into our CLI tool? >> >> When it comes to the possibility of having a similar capability through > the CLI tool as the report is mainly UI based, certain adaptations and > dropping of incompatible features will have to be performed in order to do > such an integration. > Understood. If they have a way of getting this report as a file, we should be able to utilize that within the CLI. > Thanks, > Sanjula > > -- > *Sanjula Madurapperuma* | Software Engineering Intern | WSO2 Inc. > (m) +94 768877766 | (e) sanj...@wso2.com > <http://wso2.com/signature> > -- Thank you and Best Regards, *Chanaka Fernando* | Associate Director | WSO2 Inc. (m) +94 773337238 | (w) +94 112145345 | (e) chana...@wso2.com <http://wso2.com/signature>
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
