Posted to commits@camel.apache.org by GitBox <gi...@apache.org> on 2021/12/14 15:31:11 UTC

[GitHub] [camel-website] zregvart commented on a change in pull request #715: Blog post: A high-security API management infrastructure using Apache…

zregvart commented on a change in pull request #715:
URL: https://github.com/apache/camel-website/pull/715#discussion_r768782747



##########
File path: content/blog/2021/12/api-management-infra/index.md
##########
@@ -0,0 +1,224 @@
+---
+title: "A high-security API management infrastructure using Apache Camel"
+date: 2021-12-13
+authors: [Yang-Xie-OSS]
+categories: ["Usecases"]
+preview: "How a high-security API management infrastructure is implemented using Camel and Keycloak"
+---
+
+I'm an engineer working at the OSS solution center of Hitachi, Ltd. Hitachi, Ltd. is a company that provides IT services & platforms in Japan and other countries. In our organization, OSS solution center, we are working on providing the IT services with the OSS. In my case, I'm working on Keycloak, 3scale and Camel, providing the technical support and considering the use cases of them. And I'm also an open source contributor for Keycloak.
+
+## API management infrastructure
+
+When being used as an API Gateway, Apache Camel (hereinafter called "Camel") can use its various functions like protocol conversion and mash-up to support complex requirements flexibly. By adding Keycloak as an OAuth 2.0 authorization server, we can obtain an API management infrastructure which can also perform API authentication.
+
+### What is Keycloak?
+
+Keycloak is an identity and access management OSS. As an OAuth 2.0 authorization server, Keycloak supports OAuth 2.0 and a part of related standards, that will play a big role in a later chapter.
+
+### Architecture Overview
+
+As shown in the picture below, the API management infrastructure can perform reverse proxy, protocol conversion, data conversion, mash-up, flow control, API documentation publishing and metrics. Besides, it also can perform simple API authorization by token issuance & management that is provided by Keycloak.
+
+{{< image "API-management-infrastructure.png" "API management infrastructure" >}}
+
+## Drawbacks of security
+
+Although the existing API management infrastructure has taken a security measure as token issuance & management, there are also three drawbacks of its security:
+
+1. Inadequate token validation. 
+1. No API access management for each API.
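
Review bot: the description of what the tokens provide is inconsistent: the paragraph under "API management infrastructure" says the setup "can also perform API authentication", while the paragraph under "Architecture Overview" says it performs "simple API authorization by token issuance & management". Keycloak is introduced here as an OAuth 2.0 authorization server, so suggest using "authorization" in both places, or stating explicitly which of the two is meant in each sentence. Minor: the first list item under "Drawbacks of security" ends with a trailing space.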

Review comment:
       @oscerd can you elaborate? The point of this project, as I understood it, is to add additional token validation, i.e. test for invalidated tokens. Look at the `Drawback 1: Inadequate token validation` section.



