I've been working on a project in SDN to implement an authentication method for network applications in an SDN environment.
is there a way to implement a cryptographic authentication for the applications in a ryu controller for example ?
because i couldn't find any ressources about this subject.
thanks!
Related
I am planning to build this side project that helps me learn better about backend development, authentication and socket programming etc.
The idea is to build a chat application where users are mapped based on their interests and they can then talk about that topic.
To maintain the authenticity of the user I thought of adding an Authentication (Basically Phone Auth) Service. Even though there are various prebuilt services like Twilio, Firebase etc. I really want to learn the core of how they were built so that I could build that service on my own based on My Needs.
Thanks in advance
I am making a video conferencing application using the Jitsi Android SDK.
I may use either the meet.jit.si server as a media gateway to a JaaS (Jitsi as a Service) from 8x8 corporation. What are pros and cons of those?
In very simple words meet.jit.si is for public use for doing video conferencing for personal use, we don't need to host anything to use their app, we can start a person meeting just click of button-like google meet. while JaaS (Jitsi as a Service) from 8x8 is like the PaaS which provides backend microservices to support our self-hosted Jitsi.
I'm currently working on custom hosting panel (Angular), which should interact with third party services like Proxmox, Billmanager, Zabbix, Grafana etc.
So my question is how this panel should interact with this services? Should I call directly each of them by API? Or I need to integrate some kind of middleware API (laravel/django) and allow my angular panel to interact only with that API, and after each call this middleware API will call some of third party services (Proxmox, Zabbix etc) if needed?
I will add some schema of possible solutions.
Will be great if you can share some best practice examples.
Thanks in advance for your help)
Ok. So based on some research v1 is a right choice.
This "middleware" is called API Gateway. And in such systems which includes interaction with lots of third party services we definitely need it.
Benefits
We can make all services private (no pubic access)
This adds async to all system
etc
I have reading and developing my understanding with SOA, I found this approach of development useful. However there are couple of thing confusing me which are:
Background: we are designing online financial application, recently we are in phase of designing brain storming sessions. (audit & logging need to be done)
1 - how to make sure Secure inter process communication?
My thinking: to restrict external access to these API's by firewall. So these can only be call internally by system.
2 - what will be preferred protocol rest or soap in context of private api (IPC) and public APIs (exposed to clients for e.g mobile,web and desktop)
My Thinking: For read we can use Rest and for ACID compliance transactions we can utilize soap as its provide point to point security. Or for IPC we are thinking to utilize soap as its provide audit mechanism also.
3 - What is Role of API gateway? specially is it involve in inter process communication?
I am confused on this specially with IPC. I think all request even services to services call will perform via API gateway. Kindly elaborate this in detail if I am wrong.
4 - is this possible to keep some services public and some private in micro services architecture? how to logically separate both of them?
What ever I have research we can do this.
5 - What is major difference and pros and cons of SOA and Micro SOA?
My view: Msoa is extention of SOA.
Thanks in advance.
Can anyone draw a diagram or provide link of MSOA architecture diagram with API gateway.
APIGEE is primary source of my understanding, then google it specifics which move in different directions.
Security is our major concern.
1 - how to make sure Secure inter process communication?
Internally, whitelisting IP's and firewalls are probably the most secure. If these servcies scale and have dynamic IP's you may have an issue with that, in which case shared secrets can work, but ned to be put in place and respected across all services. JWT's are quite good for this (similar to SAML, but not as painful), used with an authentication microservice.
Externally - tokens, OAuth2 depending on how much pain you want to go through.
2 - what will be preferred protocol rest or soap in context of private api (IPC) and public APIs (exposed to clients for e.g mobile,web and desktop)
I would use REST, SOAP is slowly becoming an antiquated standard, you can secure comms p2p by using TLS or HMAC signing.
3 - What is Role of API gateway? specially is it involve in inter process communication?
An API gateway is usually used to expose legacy APIs to the public, or to manage a large set of internal services via single amanged interface. An API gateway can also help manage tokens for clients and offer a single token for multi-service access and obfuscate the internal APIs from the external interface.
Gateways tend to also offer developer portals and some kind of self-enrollment process as well as control flows for request content (inbound and outbound).
Tyk.io is an open source API Gateway - you can see the kind of features to expect from a gateway on their home page
4 - is this possible to keep some services public and some private in micro services architecture? how to logically separate both of them?
Yes, you can with an API gateway. So long as there are no inter-service dependencies.
5 - What is major difference and pros and cons of SOA and Micro SOA?
I think one is a subset of the other, SOA tends to be interconnected with a messaging structure like an ESB, but micro-SOA will bhe even more specialised and may not use an ESB.
I am working on one school project, And my task is to make a simple api gateway, which can placed between any of the 3rd party api and the end users, tha gateway can be used for defining usage limits of the api or to do some security analysis, I am totally new to this, I know the basic concept of API gateway, but don't know how do I implement it using JAVA.
Can anyone please give me some starting point where to start implementation of API gateway?
And what are the frameworks I should use and for what purpose?
Thanks,
Nixit Patel
In a nutshell, API gateway exposes public APIs, applies policies (authentication - typically via OAuth, throttling, adherence to the the defined API, caching, etc.) and then (if allowed) optionally applies transformation rules and forwards the call to the backend. Then, when the backend responds, gateway (after optionally applying transformation rules again) forwards the response to the original caller. Plus, there would typically be an API management solution around it providing subscriber portal, user management, analytics, etc.
So basically any web service framework would work as a quick DYI solution.
You can also use plugin model of an open-source load-balancer such as NGINX.
Or take an open-source API Gateway to learn from it - e.g. WSO2 API Manager (the easiest way to see it in action is the hosted version: WSO2 API Cloud)