Hi all, I'd like to add another related concern here. There can be internal APIs (server to server) which may not be exposed to the outside. For example, context loading and subscription loading APIs between API Gateway and API Core. For them, I don't think we need OAuth or any kind of authorization mechanism because it simply needs some kind of authentication mechanism only. I believe we can use mutual SSL for this. But since these APIs are msf4j services, we will need per-service mutual SSL support from msf4j.
Thanks, Bhathiya
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture