zregvart commented on a change in pull request #715:
URL: https://github.com/apache/camel-website/pull/715#discussion_r768782747
##########
File path: content/blog/2021/12/api-management-infra/index.md
##########
@@ -0,0 +1,224 @@
+---
+title: "A high-security API management infrastructure using Apache Camel"
+date: 2021-12-13
+authors: [Yang-Xie-OSS]
+categories: ["Usecases"]
+preview: "How a high-security API management infrastructure is implemented
using Camel and Keycloak"
+---
+
+I'm an engineer working at the OSS solution center of Hitachi, Ltd. Hitachi,
Ltd. is a company that provides IT services & platforms in Japan and other
countries. In our organization, OSS solution center, we are working on
providing the IT services with the OSS. In my case, I'm working on Keycloak,
3scale and Camel, providing the technical support and considering the use cases
of them. And I'm also an open source contributor for Keycloak.
+
+## API management infrastructure
+
+When being used as an API Gateway, Apache Camel (hereinafter called "Camel")
can use its various functions like protocol conversion and mash-up to support
complex requirements flexibly. By adding Keycloak as an OAuth 2.0 authorization
server, we can obtain an API management infrastructure which can also perform
API authentication.
+
+### What is Keycloak?
+
+Keycloak is an identity and access management OSS. As an OAuth 2.0
authorization server, Keycloak supports OAuth 2.0 and a part of related
standards, that will play a big role in a later chapter.
+
+### Architecture Overview
+
+As shown in the picture below, the API management infrastructure can perform
reverse proxy, protocol conversion, data conversion, mash-up, flow control, API
documentation publishing and metrics. Besides, it also can perform simple API
authorization by token issuance & management that is provided by Keycloak.
+
+{{< image "API-management-infrastructure.png" "API management infrastructure"
>}}
+
+## Drawbacks of security
+
+Although the existing API management infrastructure has taken a security
measure as token issuance & management, there are also three drawbacks of its
security:
+
+1. Inadequate token validation.
+1. No API access management for each API.
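Review bot: The "API management infrastructure" paragraph says adding Keycloak lets the infrastructure "perform API authentication", while "Architecture Overview" calls the same function "simple API authorization", and Keycloak is introduced as an OAuth 2.0 authorization server. Use one term throughout (authorization fits the OAuth 2.0 framing), or state which step authenticates the caller and which authorizes the API call. Under "What is Keycloak?", "a part of related standards" should also name the standards the later sections rely on, so the reader knows what the "big role" refers to.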
Review comment:
   @oscerd can you elaborate? The point of this project, as I understood it,
 is to add additional token validation, i.e. test for invalidated tokens. Look at
 the `Drawback 1: Inadequate token validation` section.