On Tue, Mar 5, 2019 at 4:57 AM Johann Nallathamby <joh...@wso2.com> wrote:
> APIM Team,
>
> In API Manager it seems like if we check the option to secure APIs using
> Mutual TLS security AND OAuth2 security for APIs, API Manager checks if
> either of the mechanisms is in place. There is no way to enforce both on
> an API. There are a good number of customers who want to enforce both at the
> same time for APIs, for additional security. Naturally Mutual TLS is more
> secure than OAuth2 tokens, however for throttling and analytics to work we
> need to enforce OAuth2 as well. Otherwise customers could bypass throttling
> and analytics.
>
> I would have thought ticking both checkboxes means both have to be
> enforced. Isn't that a more reasonable behavior? Can we support both 'AND'
> and 'OR'?
>

It's a good idea to support both. We need to tweak our implementation to support this.

>
> Thanks & Regards,
> Johann.
>
> --
> *Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
> WSO2 Inc.
> (m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
>

--
*Harsha Kumara*
Associate Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: hars...@wso2.coim
Blog: harshcreationz.blogspot.com
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
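
The 'AND' versus 'OR' behaviour discussed in this thread, as an added example that is not part of the original messages and is not WSO2 API Manager code. The request model, the `authenticate` function and the sample subjects are hypothetical and constructed; the only assumption taken from the thread is that throttling and analytics depend on the OAuth2 identity.

```python
from dataclasses import dataclass
from typing import Optional

MECHANISMS = {"mtls", "oauth2"}

@dataclass
class Request:
    # Constructed request model; both field names are hypothetical.
    client_cert_subject: Optional[str] = None  # set once the TLS layer has verified a client certificate
    oauth_subject: Optional[str] = None        # set once a bearer token has been validated

def authenticate(req, enabled, mode):
    """Return (allowed, throttle_key) for the mechanisms ticked on an API.

    mode "any" accepts a request that passes either mechanism (OR);
    mode "all" requires every ticked mechanism to pass (AND).
    """
    enabled = set(enabled)
    if not enabled or not enabled <= MECHANISMS or mode not in ("any", "all"):
        raise ValueError("unknown mechanism or mode")  # refuse to guess a policy
    passed = {
        "mtls": req.client_cert_subject is not None,
        "oauth2": req.oauth_subject is not None,
    }
    results = [passed[m] for m in enabled]
    allowed = all(results) if mode == "all" else any(results)
    # Assumption from the thread: throttling and analytics need the OAuth2 identity.
    return allowed, (req.oauth_subject if allowed else None)

# Constructed sample requests.
SAMPLES = {
    "cert_only": Request(client_cert_subject="CN=partner-app"),
    "token_only": Request(oauth_subject="app-42"),
    "both": Request(client_cert_subject="CN=partner-app", oauth_subject="app-42"),
    "neither": Request(),
}

def compare_modes():
    """Evaluate every sample with both boxes ticked, under OR and under AND."""
    both = {"mtls", "oauth2"}
    return {name: {mode: authenticate(req, both, mode) for mode in ("any", "all")}
            for name, req in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare_modes().items():
        print(name, result)
```

Under "any", the `cert_only` request is accepted with no throttle key, which is the gap the thread describes; under "all" the same request is rejected.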