*[sending this mail again because previous one wasn't copied to
architecture@wso2.org <architecture@wso2.org>]*

Hi Nuwan, Hi Harsha, Hi Chamod,

An additional thought here. Most of the time, customers who ask for basic
authentication support are the customers who need to support legacy
external applications, I believe; not so much the internal applications.
Because there can be many external parties and they cannot ask all those
parties to change. For example, mobile apps that take username/password to
be changed to OAuth2.

In those cases it could also be useful to track all these "clients";
meaning applying throttling and analytics. If we go with only
username/password I believe we can't get that capability, because our
throttling and analytics are coupled to OAuth2 client_id. Hence can we
provide the following improvements?

1. For clients who are willing to change the client side slightly, we can
use the following format:
*base64((base64(client_id:username)):base64(client_secret:password))*
I am assuming our client_id and client_secret don't contain ":" (colons).
There can be many ways of doing this. So good if we can provide an
extension point to extract the client credentials.

2. For clients who are not willing to change the client side at all,
generate a blanket application from the gateway on first use of any such
legacy application, to capture all such clients under one internal
client_id, to apply analytics and throttling considering all those apps as
one. I suppose this will at least separate the non-trusted apps from
trusted apps, to minimize breaches.

Thoughts?

Regards,
Johann.

On Tue, Mar 5, 2019 at 4:41 PM Chamod Samarajeewa <cha...@wso2.com> wrote:

>
>
> ---------- Forwarded message ---------
> From: Chamod Samarajeewa <cha...@wso2.com>
> Date: Tue, Mar 5, 2019 at 4:35 PM
> Subject: Re: Basic Authentication for APIM Gateway
> To: Nadeesha Gamage <nadee...@wso2.com>
> Cc: Harsha Kumara <hars...@wso2.com>, <architect...@wso2.com>, Nuwan Dias
> <nuw...@wso2.com>, APIM Team <apim-gr...@wso2.com>
>
>
> Hi Nadeesha,
>
>> How will this impact statistics? Will it be possible to get usage
>> statistics even if they use basic authentication?
>>
>
> Yes, can get the usage statistics using the username and the api.
>
>> I would also like to know when this feature would be available.
>
>
> Within Q2 and Q3 time frame.
>
> Thank you. Best Regards.
> Chamod.
>
> On Tue, Mar 5, 2019 at 3:32 PM Nadeesha Gamage <nadee...@wso2.com> wrote:
>
>> Hi Chamod,
>> I would also like to know when this feature would be available.
>>
>> Nadeesha
>>
>> On Tue, Mar 5, 2019 at 3:30 PM Nadeesha Gamage <nadee...@wso2.com> wrote:
>>
>>> Hi Chamod,
>>> How will this impact statistics? Will it be possible to get usage
>>> statistics even if they use basic authentication?
>>>
>>> Nadeesha
>>>
>>> On Fri, Feb 15, 2019 at 5:18 PM Harsha Kumara <hars...@wso2.com> wrote:
>>>
>>>> Hi Chamod,
>>>>
>>>> Can user choose to expose API either OAuth or Basic authentication with
>>>> this implementation?
>>>>
>>>> We need to provide basic authentication against user store configured in
>>>> the key manager. Because most of the time, gateway won't share user
>>>> stores. Please add the local user store authentication support as well. We
>>>> need to look for possible caching mechanism for this.
>>>>
>>>> Since we do have mutual authentication as a security scheme, check the
>>>> best way of providing the basic authentication
>>>>
>>>> Thanks,
>>>> Harsha
>>>>
>>>> On Fri, Feb 15, 2019 at 4:59 PM Chamod Samarajeewa <cha...@wso2.com>
>>>> wrote:
>>>>
>>>>> Adding architect...@wso2.com.
>>>>>
>>>>>
>>>>> ---------- Forwarded message ---------
>>>>> From: Nuwan Dias <nuw...@wso2.com>
>>>>> Date: Fri, Feb 15, 2019 at 3:01 PM
>>>>> Subject: Re: Basic Authentication for APIM Gateway
>>>>> To: Chamod Samarajeewa <cha...@wso2.com>
>>>>> Cc: Architecture Team <architecture-t...@wso2.com>, APIM Team <
>>>>> apim-gr...@wso2.com>
>>>>>
>>>>>
>>>>> Chamod, this email should be sent to architecture@wso2.org.
>>>>>
>>>>> Thanks,
>>>>> NuwanD.
>>>>>
>>>>> On Fri, Feb 15, 2019 at 2:37 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>> wrote:
>>>>>
>>>>>> Hi All,
>>>>>>
>>>>>> I have included the information in the Github issue here as well.
>>>>>>
>>>>>> *Requirements*
>>>>>>
>>>>>>
>>>>>> Provide authentication for APIM Gateway with basic authentication
>>>>>> which uses usernames and passwords.
>>>>>>
>>>>>> *Introduction*
>>>>>>
>>>>>>
>>>>>> Providing feature of enabling basic authentication security schema to
>>>>>> product APIM Gateway along with OAuth2 token-based authentication. The
>>>>>> user will be benefited with using only OAuth2 token based authentication
>>>>>> alone, using basic authentication alone and using both schemas at the
>>>>>> same time.
>>>>>>
>>>>>>
>>>>>> *Approach*
>>>>>>
>>>>>>
>>>>>> [image: Basic Auth - APIM-GW-2.jpg]
>>>>>>
>>>>>> curl -k -X GET "https://10.100.0.201:8243/pizzashack/1.0.0/menu" \
>>>>>>   -H "accept: application/json" \
>>>>>>   -H "Authorization: Basic $(echo -n username:password | base64)"
>>>>>>
>>>>>> The API Authentication Handler will forward the request to Basic Auth
>>>>>> Authenticator or OAuth Authenticator based on the authorization header of
>>>>>> the request.
>>>>>>
>>>>>> Thank you. Regards.
>>>>>>
>>>>>> On Fri, Feb 15, 2019 at 2:20 PM Chamod Samarajeewa <cha...@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi All,
>>>>>>>
>>>>>>> I'm working on developing a new feature for APIM Gateway to
>>>>>>> provide Basic Authentication support. You can find the details in the
>>>>>>> following Github issue [1].
>>>>>>>
>>>>>>> I would really appreciate any feedback. Thank you.
>>>>>>>
>>>>>>> Best regards,
>>>>>>> Chamod.
>>>>>>>
>>>>>>> [1] - https://github.com/wso2/carbon-apimgt/issues/5986
>>>>>>> --
>>>>>>> Chamod Samarajeewa | Software Engineer | WSO2 Inc.
>>>>>>> (m) +94710397382 | Email: cha...@wso2.com <dimi...@wso2.com>
>>>>>>> GET INTEGRATION AGILE
>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>> (m) +94 777 775 729 | (e) nuw...@wso2.com
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> *Harsha Kumara*
>>>>
>>>> Associate Technical Lead, WSO2 Inc.
>>>> Mobile: +94775505618
>>>> Email: hars...@wso2.coim
>>>> Blog: harshcreationz.blogspot.com
>>>>
>>>> GET INTEGRATION AGILE
>>>> Integration Agility for Digitally Driven Business
>>>>
>>>
>>>
>>> --
>>> Nadeesha Gamage
>>> Senior Lead Solutions Engineer
>>> T : +94 77 394 5706
>>> B : https://nadeesha678.wordpress.com/
>>>
>>
>>
>>
>
>
> _______________________________________________
> Architecture mailing list
> Architecture@wso2.org
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>


-- 
*Johann Dilantha Nallathamby* | Associate Director/Solutions Architect |
WSO2 Inc.
(m) +94 (77) 7776950 | (w) +94 (11) 2145345 | (e) joh...@wso2.com
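
One way the credential-extraction step for the format in item 1 could look, falling back to the blanket application of item 2 for unchanged clients. This is an added example, not part of the original mail or of WSO2's code; the function names and `BLANKET_CLIENT_ID` are assumptions made for illustration.

```python
import base64
import binascii
from typing import NamedTuple, Optional

# Hypothetical id of the single "blanket" application from item 2.
BLANKET_CLIENT_ID = "legacy-basic-auth-app"

class Credentials(NamedTuple):
    client_id: str
    client_secret: Optional[str]  # None for unchanged legacy clients
    username: str
    password: str

def _b64(text: str) -> str:
    return base64.b64encode(text.encode("utf-8")).decode("ascii")

def _unb64(text: str) -> str:
    # validate=True rejects anything outside the base64 alphabet, e.g. ':'.
    return base64.b64decode(text, validate=True).decode("utf-8")

def build_header(client_id: str, username: str, client_secret: str, password: str) -> str:
    """Client side of item 1: base64(base64(id:user):base64(secret:pass))."""
    left = _b64(f"{client_id}:{username}")
    right = _b64(f"{client_secret}:{password}")
    return "Basic " + _b64(f"{left}:{right}")

def extract(header: str) -> Credentials:
    """Gateway side: return composite credentials, else map to the blanket app."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        raise ValueError("not a Basic Authorization header")
    try:
        left, sep, right = _unb64(token.strip()).partition(":")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    if not sep:
        raise ValueError("missing ':' separator")
    try:
        # Base64 output never contains ':', so the outer split is unambiguous;
        # inner splits use the first ':' so passwords may contain colons.
        client_id, s1, username = _unb64(left).partition(":")
        client_secret, s2, password = _unb64(right).partition(":")
        if s1 and s2 and client_id and client_secret:
            return Credentials(client_id, client_secret, username, password)
    except (binascii.Error, UnicodeDecodeError):
        pass
    # Plain username:password. Caveat: a legacy pair whose two halves both
    # happen to be base64 of "x:y" strings would be read as composite above.
    return Credentials(BLANKET_CLIENT_ID, None, left, right)
```

The extracted `client_id` is what throttling and analytics would key on; the username/password and client secret still have to be verified against the user store and key manager before the request is accepted.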