This covers security with APIc/gateway. It goes over high-level concepts and what IBM APIc can offer, this covers 2018, and v10 of the product
Note: this is from a presentation from a year or so ago, with some updates to the link
This is covered during the tech conference. It covers high-level security. The best practice for deployment for gateway (what was known as last-mile) is covered at the end.
IBM API Connect is a Comprehensive API Solution. It is an integrated creation, runtime, management, and security foundation for enterprise grade API’s and Microservices to power modern digital applications.
In this webinar,
API Management Concepts
IBM API Connect overview and features
Kellton Tech’s API Strategy with IBM API Connect.
Technology: IBM API Connect 5.0
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
IBM APIc ships a set of policy. However you can extend those capabilities by creating your own policy. This gives step by step on how that can be done, it also provides a template to help you jump start the process.
This is covered during the tech conference. It covers high-level security. The best practice for deployment for gateway (what was known as last-mile) is covered at the end.
IBM API Connect is a Comprehensive API Solution. It is an integrated creation, runtime, management, and security foundation for enterprise grade API’s and Microservices to power modern digital applications.
In this webinar,
API Management Concepts
IBM API Connect overview and features
Kellton Tech’s API Strategy with IBM API Connect.
Technology: IBM API Connect 5.0
How to create a User Defined Policy with IBM APIc (v10)Shiu-Fun Poon
IBM APIc ships a set of policy. However you can extend those capabilities by creating your own policy. This gives step by step on how that can be done, it also provides a template to help you jump start the process.
IBM DataPower Gateway appliances are used in a variety of user scenarios to enable security, control, integration and optimized access for a range of workloads including Mobile, Web, API, B2B, Web Services and SOA. This presentation from the IBM DataPower team provides an in-depth look at each use case.
In this deck, I cover all the new exciting security feature we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
How to migrate an application in IBM APIc, and preserve its client credentialShiu-Fun Poon
This provides the rest and toolkit command on how to migrate an application from one environment to another without know the client_secret in the plaintext format.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
APIs have revolutionized how companies build new marketing channels, access new customers, and create ecosystems. Enabling all this requires the exposure of APIs to a broad range of partners and developers—and potential threats.
Learn more about the latest API security issues.
Extend access and digitally transform existing data to new dynamic API cloud services. Increase speed to market. Drive innovation. Create new business models.
This slide deck explores:
- WSO2 API Manager
- WSO2 Enterprise Integrator
- Component Architectures of the Products
- Deployment of products and scaling
- API facade pattern and other ways of Mediation
- API Security
Find out where we are heading next here: https://wso2.com/events/
IBM DataPower Gateway appliances are used in a variety of user scenarios to enable security, control, integration and optimized access for a range of workloads including Mobile, Web, API, B2B, Web Services and SOA. This presentation from the IBM DataPower team provides an in-depth look at each use case.
In this deck, I cover all the new exciting security feature we have in both gateway and APIC.
We are excited about the new features, and how they can be used to help protect the customer's deployment environment.
How to migrate an application in IBM APIc, and preserve its client credentialShiu-Fun Poon
This provides the rest and toolkit command on how to migrate an application from one environment to another without know the client_secret in the plaintext format.
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
Building APIs is not just about technology. APIs enable many new business opportunities, but only if done correctly. Enter API Management platforms to provide the building blocks behind a successful API program. As a result of lucrative opportunities, many Software vendors have emerged or pivoted from their SOA management roots to provide API Management capabilities.
In this session, Kent will introduce you to Microsoft’s Azure API Management platform by providing an overview that highlights its capabilities and the opportunities that emerge for organizations. As part of this presentation, Kent will demonstrate how developers can create their first API and discuss strategies for transforming existing services to leverage Azure API Management.
This presentation will consist of general guidance on API Management, an Azure API Management portal walk-through and demos that re-enforce the concepts that were introduced.
APIs have revolutionized how companies build new marketing channels, access new customers, and create ecosystems. Enabling all this requires the exposure of APIs to a broad range of partners and developers—and potential threats.
Learn more about the latest API security issues.
Extend access and digitally transform existing data to new dynamic API cloud services. Increase speed to market. Drive innovation. Create new business models.
This slide deck explores:
- WSO2 API Manager
- WSO2 Enterprise Integrator
- Component Architectures of the Products
- Deployment of products and scaling
- API facade pattern and other ways of Mediation
- API Security
Find out where we are heading next here: https://wso2.com/events/
The Best of Both Worlds: Introducing WSO2 API Manager 4.0.0WSO2
APIs now serve as the primary building blocks for assembling data, events, and services from within the organization, throughout ecosystems, and across devices. Integrated legacy systems and support for modern event-driven architectures, on the other hand, are critical in allowing timely, relevant digital experiences in response to customer behavior. To support these demands, WSO2 has added significant new capabilities to WSO2 API Manager 4.0.0.
Complete support for streaming APIs and event-driven architecture (EDA)
The first solution to support full implementation of the AsyncAPI specification
A Service Catalog to enable developers to discover a given service seamlessly
API / API product revisioning to keep track of the changes
Feature-rich, cloud-based analytics for easy integration
You will gain a full understanding of WSO2 API Manager 4.0.0 features and how they cater to current API Management demands by attending this webinar.
DURING THE WEBINAR, WE WILL COVER:
Experience the power and synergy of Service Integration and API Management in a fully functional API ecosystem
Understand the motivation behind WSO2 API Manager 4.0.0 release
New streaming and event-driven architecture support available in API Manager 4.0.0
Learn the importance of catering all API Management and integration demands with one connected platform
Explore other new features and enhancements to the product
Jamie Nelson, VP of Engineering, ForgeRock
John Barco, VP of Product Management, ForgeRock
The digital transformation freight train is here which means the platform requirements are changing.
This session presents how the ForgeRock platform will evolve moving forward to address requirements
of the new interconnected IRM universe.
42Crunch Security Audit for WSO2 API Manager 3.1WSO2
API Security has become an important concern in recent times as organizations are more cautious about exposing raw, sensitive data via APIs. Therefore, it is important that APIs adhere to the OpenAPI Specification (OAS) to ensure API security.
WSO2 has partnered with 42Crunch, to bring in the ability to conduct a security audit on the OpenAPI Specification definition, and to obtain an audit report.
The WSO2 API Manager 3.1 brings a lot of interesting features, including the ability to run 42Crunch’s audit tool directly from the API Publishing portal.
In this webinar, we will:
- Explain the advantages of introducing security at design time
- Introduce the 42Crunch audit functionality
- Explain how 42Crunch and WSO2 API Manager can be used together for better API Security
Dive into a reference architecture that demonstrates the patterns and practices for securely connecting microservices together using Apigee Edge integration for Pivotal Cloud Foundry.
We will discuss:
- basics for building cloud-native applications as microservices on - Pivotal Cloud Foundry using Spring Boot and Spring Cloud Services
- patterns and practices that are enabling small autonomous microservice teams to provision backing services for their applications
- how to securely expose microservices over HTTP using Apigee Edge for PCF
Watch the webcast here: https://youtu.be/ETT6WP-3me0
API Management and microservices architecture
What are the key benefits of microservices architecture?
How do Axway products simplify and secure microservices architecture?
WSO2- OSC Korea - Accelerating Digital Businesses with APIsWSO2
APIs are taking over every vertical out there with its standards, reusability, and simplicity that are required to operate in the present world. However as the number of APIs grows along with the users who access and use these APIs, the need for proper management and governance is required more than ever.
API Gateways are going through an identity crisisChristian Posta
API Gateways provide functionality like rate limiting, authentication, request routing, reporting, and more. If you've been following the rise in service-mesh technologies, you'll notice there is a lot of overlap with API Gateways when solving some of the challenges of microservices. If service mesh can solve these same problems, you may wonder whether you really need a dedicated API Gateway solution?
The reality is there is some nuance in the problems solved at the edge (API Gateway) compared to service-to-service communication (service mesh) within a cluster. But with the evolution of cluster-deployment patterns, these nuances are becoming less important. What's more important is that the API Gateway is evolving to live at a layer above service mesh and not directly overlapping with it. In other words, API Gateways are evolving to solve application-level concerns like aggregation, transformation, and deeper context and content-based routing as well as fitting into a more self-service, GitOps style workflow.
In this talk we put aside the "API Gateway" infrastructure as we know it today and go back to first principles with the "API Gateway pattern" and revisit the real problems we're trying to solve. Then we'll discuss pros and cons of alternative ways to implement the API Gateway pattern and finally look at open source projects like Envoy, Kubernetes, and GraphQL to see how the "API Gateway pattern" actually becomes the API for our applications while coexisting nicely with a service mesh (if you adopt a service mesh).
Digital is disrupting the physical world with new business models. In this presentation from SOA Software VP of Product Marketing, Sachin Agarwal, learn how APIs are used to drive new digital channels securely and safely.
API Management within a Microservice ArchitectureWSO2
This slide deck will discuss API management's role in a microservices ecosystem. It will discuss the purpose of edge gateways and proxies and how that complements a well defined API management layer.
GraphQL is widely adapted. As it becomes more popular, there are security considerations for hosting GraphQL services. In this, I cover a set of good practices and ideas that can be used to protect this exciting technology
DataPower can help protect against DoS/DDoS. This was created a while back, content is still valid for the DP. Update a little to call out some newer features.
This covers the discussions that I have with my teams and customers. Whenever someone states one is better over the others always make me concern. As there are pros and cons to each solutions. And depends on the circumstance and constraints that the solution needs to address, sometimes a combination of both solutions would work best. This deck breaks down how I see this problem space, and based on the experiences on having to implement both solutions with OAuth/OIDC/SAML/payload filter and varies discussions with customers/collegeas/experts.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
2. TRADEMARK ACKNOWLEDGEMENTS
• IBM, IBM API Connect, IBM DataPower Gateway are trademarks of International Business
Machines Corporation, registered in many jurisdictions
• Other company, product and service names may be trademarks, registered marks or service
marks of their respective owners. A current list of IBM trademarks is available on the web at
"Copyright and trademark information" ibm.com/legal/copytrade.html
7. APIC UNDER THE HOOK
• Internal services communicating vs mTLS
• Quorum, with 3 being the magic number
• APIc is the match maker, it introduces each subsystem to each others
• APIM, Portal, Analytics, Gateway
• How does APIM <-> Portal
• How does APIM <-> Analytics
• How does APIM <-> Gateway
• How does Portal <-> Analytics
• How does Gateway <-> Analytics
• Configurable, extensible
11. API MANAGER
• API are published
• Publish in openapi v2 format
• apim vs consumer
• WebGUI/toolkits/portal/BYO
• RateLimit
Drinking Our Own Champagne
Get an access_token
access_token must contain the right scope
Permission is checked
Is token valid
Token contains necessary scope ?
Does User has the proper permission ?
12. HARDENED PORTAL SECURITY
Supports OpenID Connect for
accelerated developer on-boarding and
social login
Enable PSD2/ Open Banking
compliance to programmatically onboard
consumers using REST Management APIs
and OpenID Connect
Enhanced spam protection against
spam bots with CAPTCHA and honeypot
Detect and prevent malicious attacks
with perimeter and DNS check
Detect and prevent flood attacks
14. APIMANAGER WITH GATEWAY
• Gateway must be 24 * 7 (without API manager)
• API gateway introduce a gateway director manager
• Using clustering technology to track configuration from APIM
• Heartbeat from APIm to make sure Gateway will have the latest information
• 911 protocol to handle catastrophic failure
• Provides the status of how where the configuration with regard to the update from the APIm
• Gateway director allows auto scaling of the additional gateway
• Configuration/Key Materials
• State of the processing
15. • Istio Integration for improved performance & security by
passing API header and tokens into Istio
• Open API V3 support to meet security industry standards (i.e.
PSD2) & improve reuse
• OpenBanking & PSD2 Compliant including flexible JWT and
OAuth features
• 5X Improved Performance with cloud-native API-centric
Gateway Service
• Fast Time to Value through Out of the Box policies for API
Gateway Service
• Enterprise Specific Security Support through OAuth flow
customization
• Expanded Security with OIDC, CAPTCHA, Perimeter, DNS
check on Portal, etc.
Performant and Secure
16. SECURE & MANAGE GRAPHQL ENDPOINTS
Next-Gen evolution of Gateway technology
beyond Web services and REST with GraphQL
support
Secure and Manage APIs with GraphQL
backends, efficiently managing compute intensive
services
Threat Protection against cyberattacks using
advance query complexity analysis to prevent API-
based attacks
Rate Limit GraphQL queries with consumer plans
based on number of API calls & backend compute
time
https://www.ibm.com/blogs/research/2019/02/graphql-api-management/
https://developer.github.com/v4/guides/resource-limitations/
17. 1. Access Control
• Who can access the data and what data
• APIc
• Client credential (application)
• User credential (who)
2. Load Control
• How much effort for the server to fulfill the request
• Complexity
• Type (object type)
• Resolve
GraphQL Endpoints security breakdown
18. Up to 5X+ increased performance with natively built
API Gateway using purpose-built technology for native
OpenAPI/Swagger REST and SOAP APIs
Multi-cloud scalability and extensibility to help
meet SLAs and improve client user experience
Optimized drag & drop built-in policies for security,
traffic control and mediation including flexible OAuth,
enhanced JSON & XML threat protection
Secure to the core with self-contained signed &
encrypted image to minimize risk, plus proven security
policies to quickly protect APIs
Before: DP Multi protocol
Gateway Service
API call Backend
New: Native API
Gateway Service
API call Backend
CLOUD-NATIVE API GATEWAY SERVICE IN DATAPOWER
API GW service
19. POLICIES FOR ENFORCEMENT ON API GATEWAY SERVICE
Gateway Script and XSLT policy support
provides flexible message mediation & dynamic
security enforcement
Dynamic Routing support through Conditional
Policy
Enforce strong security through Parse, JSON
and XML Schema Validation policy
OpenID Connect support to enable banks to
meet PSD2 / Open Banking regulations
OAuth Token revocation to enable self-service
token management
Foundational Security Mediation
Invoke API Key Map
Activity Log JWT Validate JSON-XML
Rate Limit JWT Generate Gateway Script
Throw OAuth Policy XSLT
Set Variable Parse
(Threat Detection)
Conditional Validate
User Security
OpenID Connect
Built-in policies
20. Rapid OAuth policy creation to quickly
create OAuth provider security without deep
security expertise
Improved governance capabilities on
managing OAuth providers with flexible
administrative access control to enforce
enterprise standards
Ability to meet business demands with
customizable OAuth assembly
New User Security policy to enforce
authentication & authorization in API
assembly, adapting to unique enterprise
security needs
MEETING SECURITY NEEDS THROUGH NEW FLEXIBLE OAUTH
PROVIDER
21. FEATURE LIST OF OAUTH IN APIC V5, V2018+V5GW,
V2018+APIGW
Features V4 V5 v2018 +V5 CompatGW v2018 + APIGW
Basic OAuth Support ✅ ✅ ✅ ✅
Distinct Client ids and Secrets ⤫ ✅ ✅ ✅
Separate API ⤫ ✅ ✅ ✅
Access Control ⤫ ⤫ ✅ ✅
Seamless packaging within product ✅ ⤫ ✅ ✅
Tight coupling with Provider ⤫ ⤫ ✅* ✅
Metadata,Token introspection, Revocation/Token
Management,Advanced scope handling
⤫ ✅ ✅ ✅
Customize OAuth Assembly ⤫ ⤫ ⤫ ✅
Dynamic configuration updates ⤫ ⤫ ** ⤫ ** ✅
Context variable driven ⤫ ⤫ ⤫ ✅
Independent Resource Owner Security ⤫ ⤫ ⤫ ✅
Out of the box OIDC support ⤫ ⤫ *** ⤫ *** ✅
Out of the box JWT Authorization Grant ⤫ ⤫ ** ⤫ ** ✅
* Tight coupling is only at the APIManager API level, not in the backendV5 Gateway
** Can be done with gateway extension
*** Supported by a set of rule in the assembly
22. Rapid OAuth policy creation to quickly create OAuth
provider security without deep security expertise
Improved governance capabilities on managing
OAuth providers with flexible administrative access
control to enforce enterprise standards
Ability to meet business demands with
customizable OAuth assembly
New User Security policy to enforce authentication &
authorization in API assembly, adapting to unique
enterprise security needs
MEETING SECURITY NEEDS THROUGH NEW FLEXIBLE
OAUTH PROVIDER
25. CUSTOMIZABLE
EASE OF USE
• Crypto material on per OAuth native provider (vs gateway level)
• End user credential gathering (context variable) *
• Consent handling
• Global Policy (and thus inject context variable for processing) *
• Token handling (allow listing vs stateless)
• Flexibility
• ….
26. WHAT SHOULD I DO
• Monitoring IBM PSIRT for IBM APIC, IBM DataPower
• https://www.ibm.com/security/secure-engineering/process.html
• Timely upgrade/migration to a new version of firmware
• Balance your security needs vs platform offered (hardware vs ova vs docker vs ..)
• How about cloud ? ICP ?
• APIC Connect White Paper: https://www.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=03023503USEN&
(
• Security vs ease of use vs compatibility
• Performance/usage spike
• HA (rule of 3)
• Stateless (especially across Availability Zone)
27. GATEWAY SPECIFIC
• Is WebGUI needed for production
• Automate deployment (which APIc solves)
• Monitoring gateway (DataPower Operations Dashboard)
• Backup administrator
• ACL
• mTLS with your backend services
• Message validation
• Payload redact
• SLM
• AllowList vs BlockList
28. FROM YOU, OUR AUDIENCES
• Your feedbacks ?
• What would you like to see ?
• What can you share with each others on your experience ? Good or Bad