Web Api services using IBM Datapower
Download as PPTX, PDF2 likes19,193 views
This document discusses IBM DataPower and how it can be used to securely expose APIs and services. It provides an overview of DataPower's key capabilities including security, protocol support, and an application development model. Specific services that DataPower provides are discussed such as the web service proxy, XML firewall, and web application firewall. The document also covers how DataPower can implement various security features and policies to control access and traffic. Finally, it presents some high-level questions to consider when shaping an API strategy.
Ad
More Related Content
What's hot (20)
Viewers also liked (13)
Ad
Similar to Web Api services using IBM Datapower (20)
![[Toroman/Kranjac] Red Team vs. Blue Team in Microsoft Cloud](https://cdn.slidesharecdn.com/ss_thumbnails/fs0fswrr36f3q9puu3u6-signature-d4523b3bf020616e67040d2a940ba8bf9aeab187b20da49956548f98de22ea12-poli-180606121949-thumbnail.jpg?width=560&fit=bounds)
Ad
Recently uploaded (20)
Web Api services using IBM Datapower
- 1. WEB API Deliver Company Services as Cloud to Developers, 3rd parties etc… Tansu Daslı Osman Ozel
- 2. DATAPOWER Key Points • Hardened security: It can act purely as a security gateway. • Appliance versatility: It is easy to add to the the network at various points to perform different functions. • XML lingua franca: The promise of XML-speak is uniformity, simplicity, and transparency of handling data. Being XML-centric from core upwards gives DataPower the ability to adapt to different roles. • Any-to-any transformation: The ability to transform any data format allows it to be an integration device. • Multi-protocol support: This allows it to be a integration device or bridge for heritage applications. Ease of Use • Installation: As a network appliance it can be up and running in literally a few minutes. • Development cycle: On-board Web GUI based approach to creating and managing applications gets rid of the develop-deploy round trip development methodology. • Development model: The modeling uses the building-block approach where the application is built using a collection of objects one on top of another. The granularity of these objects maps comfortably to architectural components of typical applications.
- 3. DataPower Core services Multi-Protocol Gateway Web Service Proxy XML Firewall Web Application Firewall Access to a third-party Web service, described by a WSDL, is front-ended by the Web Service Proxy. Access to a specific operation, is controlled by an Authentication, Authorization, and Auditing Policy (AAA) that extracts identity information from the WS-Security Username-Token. Requests exceeding specified service level parameters are queued and bleed off at the specified rate. Access to all other operations is unrestricted. The XML firewall service is used to send and receive XML traffic over HTTP to and from XML-based applications. • Accept and send SOAP, raw XML, or unprocessed (binary) documents. • Decrypt, encrypt, filter, transform, and validate XML documents. • Route XML documents to the appropriate back-end service. • Sign documents and verify signatures. • Process large documents in the streaming mode. • Implement document-level security or service-level security. • Communicate with clients, servers, and peers with SSL encryption. An external client to connect to the Web application firewall service in DataPower. Once authenticated, request is forwarded to the back-end Web application. The Web application firewall service uses an AAA policy to validate users. In a production environment, you would also need to secure the connection from the Web application firewall service to the back-end Web application, using either a security token or SSL.
- 4. Web Services & Policy Management Traffic throttling : This is a simplified model of controlling throughput of messages by discarding packets that go over a certain threshold. DataPower’s Limit field sets the threshold, and an interval is set for duration of throttling. Traffic shaping : An SLM that can improve delivery while maintaining SLAs on performance by protecting bandwidth. Custom SLM statements Count all (default) : The threshold level is applied to the resources specified by a resource class. Count errors : The threshold is based on errors. Back-end latency : The threshold is based on server latency. Internal latency : The threshold is based on internal latency (processing time). Total latency : The threshold is based on the sum of measured latencies.
- 5. Security • Protocol-based security, including SSL • Message-based security, including digital signature generation and verification, as well as data encryption and decryption • The Authentication/Authorization/Audit (AAA) framework for access control • Federated Identity Management WS-Security Security Assertion Markup Language (SAML) XACML PEP/PDP Kerberos and SPNEGO XML threats Multiple-message XDoS attacks Unauthorized access attacks Data integrity/confidentiality attacks Systems compromise attacks Single-message xDOS attacks
- 6. High Level Architecture operation SOAP WS SOAP WS Datapower cloud domain mw domain Security Throttle Developers 3rd Parties apigee/w2o/mashery/ibm/3scale Security Throttle soap-ws Monitoring Billing Developer Portal HTTP over XML Restfull WS restful-ws D M Z C O M P A N Y Monit oring OTA Developer Portal confluence developer .company .com.tr Reverse Proxy C L O U D
- 7. Questions for Shaping Strategy Which services exposed to whom (3rd parties, external developers etc..)? legal implications? metrics to measure success (page visit or revenue etc..)? aim (increasing the revenues, increase product loyalty or rebranding etc..)? pricing model (free, developer pays, shared revenue, advertisement revenues, tired pricing etc..) ? An effective Web API strategy is essential in a market where access really is everything. 1 Community is important for success. web api management platform place (inside company or cloud)? agrements with incubation centers?
Editor's Notes
- #7: domain based management, different operation groups can use datapowerdomains can be used to isolate the different usage scenariosdatapower capabilities: security (message level, transport level), throttling the load, reverse proxydeveloper portal: service documentations, register api, search api, register user, service usage statistics, how to docs etc…billing: how to bill usages ?
- #8: * Source: 1 ftp://public.dhe.ibm.com/software/solutions/soa/pdfs/ebook-web-api-management.pdf