Identity and security in API gateway architecture


#1

Hi folks,

I'm Peter, based in Berlin, Germany, brand new to Tyk, but a little longer into SOA, the API economy and gateway technology. So I would like to get an impression, to understand Tyk a little better, and maybe start a discussion today concerning the integration of identity and security aspects into an API gateway architecture. Users start with identity, and therefore it's worth mentioning the difference between authentication and authorization (authn, authz :wink:) with role- and attribute-based access management
(RBAC, ABAC), and finally safe content delivery based on content-based access control (CBAC) for strict content revision, where OAuth and SAML (both 2.x) tokens come to some importance, enabling the integration of a third role providing rich user information ((multi-factor) SSO, LDAP etc.) tokens, already discussed in the identity broker context as far as I know. Security starts with Pretty Good Privacy (nomen est omen :), enforced SSL, TLS (data and transport security) … and, if those are topics for an ongoing discussion here, I would love to be part of it and maybe give some impressions on possible themes like dashboard architectures, configuration policies …

Best, Peter


#2

Hi Peter,

Welcome, sounds interesting - lots of keywords there :slight_smile:

Feel free to post any suggestions you may have, or ideas for improving Tyk; we're very open to recommendations.

Always happy to discuss.

Cheers,
Martin