Hi Ziyam, Thanks for the clarification. As I understand [1],Client Authentication is achieved through Mutual SSL, which means that when creating a subscription each client app should be able to upload their certificate, isn't it? And are there any management APIs in Kafka that allows applying ACLs and uploading certificates, or do we plan to do it manually?
[1] https://kafka.apache.org/20/documentation/streams/developer-guide/security.html On Wed, Aug 5, 2020 at 3:39 PM Ziyam Santhosh (Intern) <[email protected]> wrote: > Hi Amila! > Basically Kafka topics and streams have their own security policies > applied through certificates which determine what users can do with those > topics such as read-only or read and write authorities. Our developer > portal will be the issuer of these certificates. These certificates will be > issued to people who have a valid subscription to the API. > > On Wed, Aug 5, 2020 at 8:04 AM Nuwan Dias <[email protected]> wrote: > >> [Adding Frank and Vanji] >> >> On Tue, Aug 4, 2020 at 5:05 PM Amila De Silva <[email protected]> wrote: >> >>> Hi Ziyam, >>> >>> On Tue, Aug 4, 2020 at 1:48 PM Nuwan Dias <[email protected]> wrote: >>> >>>> [Adding Frank and Vanji] >>>> >>>> On Tue, Aug 4, 2020 at 1:26 PM Ziyam Santhosh (Intern) <[email protected]> >>>> wrote: >>>> >>>>> Introduction to AsyncAPI specification >>>>> >>>>> *Nowadays, AsyncAPI is one of the most popular topics in the world of >>>>> event-driven APIs. Earlier, There was a need for a tool to specify and >>>>> document the event-driven APIs where OpenAPI specifications are restricted >>>>> only to document REST APIs. Then after, AsyncAPI specification was >>>>> introduced to document the specifications for event-driven APIs. There are >>>>> many similarities between OpenAPI specifications and AsyncAPI >>>>> specifications because AsyncAPI was inspired by OpenAPI. Keywords can be >>>>> mentioned as one of the major differences between them. (Eg: The endpoints >>>>> of the REST API are called as paths and endpoints of Event-driven API are >>>>> called as channels).*Why AsyncAPI for WSO2 API Manager? >>>>> >>>>> *AsyncAPI specification helps to understand the defined APIs for both >>>>> humans and machines. This makes it more special to be used by most of the >>>>> developers. Enabling the usage of AsyncAPI specifications in WSO2 API >>>>> manager will help our developers and consumers to easily work with >>>>> event-driven APIs within our product.*Objectives of the project >>>>> >>>>> 1. >>>>> >>>>> Users will be able to use existing Websocket or Kafka endpoints to >>>>> create event-driven APIs by importing their AsyncAPI specifications. >>>>> 2. >>>>> >>>>> Application developers will be able to subscribe to those >>>>> event-driven APIs and be allowed to consume WebSockets and Kafka >>>>> streams. >>>>> >>>>> Importing AsyncAPI specifications >>>>> >>>>> *API Manager already supports WebSockets. After the implementation of >>>>> this project, A WebSocket can be easily created by importing its AsyncAPI >>>>> specification. Kafka is a distributed streaming platform which helps to >>>>> build event-driven applications. These applications may have event-driven >>>>> APIs. These APIs which are created using Kafka protocols can be described >>>>> using AsyncAPI specifications. By importing these specifications into the >>>>> APIM, we can enable the application developers to consume Kafka streams by >>>>> subscribing to these APIs. This will be a new feature for our APIM.* >>>>> Subscribing to event-driven APIs >>>>> >>>>> When an application developer subscribes to consume a WebSocket API, >>>>> that particular WebSocket API’s proxy will be created in our API Gateway. >>>>> So the gateway endpoint of that API will be used by the consumer. But, >>>>> when >>>>> a consumer subscribes for a Kafka endpoint API, there won’t be any >>>>> mediator >>>>> like API gateway between them. The Kafka endpoint itself will be used by >>>>> the consumer. Still, not all Kafka Streams are free to use. There are >>>>> security policies for some Kafka Streams which require certificates to use >>>>> those streams. WSO2 APIM will be the provider of those certificates for >>>>> our >>>>> consumers to subscribe to the Kafka streams. >>>>> >>>> So if this was correctly understood, only WebSocket APIs will be >>> secured and Throttled through the Gateway, Kafka Streams are only >>> registered as APIs to make them more discoverable (and maybe Kafka Streams >>> are only exposed as internal APIs). Application on DevPortal is only needed >>> when consuming the WebSocket API. >>> If the above is correct, the part about APIM providing certificates to >>> consume Kafka streams isn't clear. Can you please explain that a bit? >>> >>>> >>>>> >>>>> >>>>> >>>>> Regards,-- >>>>> *Ziyam Santhosh* >>>>> Software Engineering Intern | WSO2 >>>>> >>>>> Email: [email protected] >>>>> Mobile: +94752204021 >>>>> Web: http://wso2.com >>>>> [image: http://wso2.com/signature] <http://wso2.com/signature> >>>>> >>>> >>>> >>>> -- >>>> *Nuwan Dias* | Senior Director | WSO2 Inc. >>>> (m) +94 777 775 729 | (e) [email protected] >>>> _______________________________________________ >>>> Architecture mailing list >>>> [email protected] >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>> >>> >>> -- >>> *Amila De Silva* >>> Software Architect | Associate Director, Engineering - WSO2 Inc. >>> (m) +94 775119302 | (e) [email protected] >>> <http://wso2.com/signature> >>> _______________________________________________ >>> Architecture mailing list >>> [email protected] >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >> >> >> -- >> *Nuwan Dias* | Senior Director | WSO2 Inc. >> (m) +94 777 775 729 | (e) [email protected] >> > > > -- > *Ziyam Santhosh* > Software Engineering Intern | WSO2 > > Email: [email protected] > Mobile: +94752204021 > Web: http://wso2.com > [image: http://wso2.com/signature] <http://wso2.com/signature> > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > -- *Amila De Silva* Software Architect | Associate Director, Engineering - WSO2 Inc. (m) +94 775119302 | (e) [email protected] <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
