ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum IndexWebSphere Message Broker SupportSecuring an API : Use IIB or API Connect

Post new topicReply to topic
Securing an API : Use IIB or API Connect View previous topic :: View next topic
Author Message
Pats21
PostPosted: Tue Apr 18, 2017 4:54 am Post subject: Securing an API : Use IIB or API Connect Reply with quote

Disciple

Joined: 08 Sep 2006
Posts: 152

Hi,

We have IIB and API Connect products in our environment, whereby API are developed on IIB and exposed to internal consumer directly. Whereas, an consumer outside the organisation comes via API Connect.

We have an existing working API, which is being used by multiple interenal consumers. Now, we want to expose this API to external consumer. However, there are few sensitive data present as part of the request/response message.

We would like to implement some sort of security around it, like encrypt the entire message, encrypt only the sensitive fields, mask the fields, etc.

I would like to know that if I go with the approach of encrypting the entire message or only the sensitive fields, then which product should I implement this change?

I am not an API Connect expert, so not sure whether this is even achievable in API Connect. However, I would like to know from a architecture principle perspective as well.

Would appreciate your valuable thoughts on this.

Thanks in advance.
Back to top
View user's profile Send private message
Vitor
PostPosted: Tue Apr 18, 2017 5:01 am Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 24614
Location: Ohio, USA

Understand that I would not describe myself as an API Connect expert.

Having said that, I believe the only security API Connect adds is access security - who can access what URL and how often. I don't believe it has a native capability to encrypt any part of the payload outside of the HTTPS conversation with the customer. You'd need to do that in IIB / DataPower / somewhere else I think
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
ruimadaleno
PostPosted: Tue Apr 18, 2017 8:42 am Post subject: Reply with quote

Master

Joined: 08 May 2014
Posts: 274

you need to plan ahead before

Do you want all your service to be protected ? do you want to expose an "hybrid secured" service where some capabilities are "open" to all authenticated users and a few capabilities are available to a well defined set of authenticaded user ?

Do you have any kind of security repository in place you can use to manage users and their profile/access rights? maybe an LDAP server ?

after these decisions there are some methods you can you use like PepSecurity Node, security profiles etc.

About message data: is it enough to encrypt message data ? do you need to validate if the message was sent by the consumer and that the message was not modified ? you may need digital signatures

Just my two cents in this security theme
_________________
Best regards

Rui Madaleno
Back to top
View user's profile Send private message
Pats21
PostPosted: Mon Apr 24, 2017 3:26 am Post subject: Reply with quote

Disciple

Joined: 08 Sep 2006
Posts: 152

Thank You Vitor and Rui Madaleno for your inputs.

Regards,
Pats ...
Back to top
View user's profile Send private message
Display posts from previous:
Post new topicReply to topic Page 1 of 1

MQSeries.net Forum IndexWebSphere Message Broker SupportSecuring an API : Use IIB or API Connect
Jump to:



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP


Theme by Dustin Baccetti
Powered by phpBB 2001, 2002 phpBB Group

Copyright MQSeries.net. All rights reserved.