API Gateway - OFM Canberra October 2014
DESCRIPTION
Slides from the October Oracle Middleware Forum held in Canberra, Australia. Covers API Gateway and how it can be used in an organisation. For more information, check out our blog at http://ofmcanberra.wordpress.com
TRANSCRIPT
Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Oracle API Gateway
Damien McAullay
Oracle Fusion Middleware
October 2014
Defining APIs …
• APIs are the face of enterprise applications and processes
• From the API consumers' perspective, they are the applications
• Organizations can use different APIs to create optimized applications for customers, partners & employees
• It is imperative that organizations apply the same rigor to API lifecycle management as they do to application lifecycle management
What is an API Gateway or API Management?
• Every API requires a supporting infrastructure to make sure the APIs are properly managed, delivered & secured
• OAG provides an enterprise platform for API delivery, removing the need for API owners to repeatedly build one-off supporting infrastructure
• APIs enable enterprises to deliver business services via cloud, mobile or partner channels
Oracle API Gateway – What/How?
• API transformation and protocol switch
• API control & runtime governance
• API scalability and reliability
• API security – AAA and threat mitigation
• API monitoring – routing and throttling
• API development lifecycle
• API administration
Fine Grained AuthZ and Data Redaction
[Diagram labels: Help desk, Doctor, Accounting; Oracle API Gateway; Entitlements Server; PEP; PDP; Legacy Patient Record Application]
Existing API returns: Name & Contact Info, SSN, Physician Info, Existing Conditions, Prescriptions, Health Records, Insurance, Payment History
Responses shown in the diagram:
• Name & Contact Info, Masked SSN, Primary Physician, Insurance
• Name & Contact Info, Masked SSN, Primary Physician, Insurance, Payment History
• Name & Contact Info, Primary Physician, Health History
Client Oriented Requests & Throttling
• Client-based policies for the same web service end-point
  – Policy A for Client 1 and Policy B for Client 2
• Client-based throttling
  – Allow 100 transactions per second (TPS) for Client 1 and 250 TPS for Client 2
• Client-based service-level agreement (SLA) alarms
• Hiding service operations from certain clients
• Client can be identified through
  – IP address, SAML attributes, SOAP/transport headers
  – Identity attribute lookup after authentication
  – Device IDs / IDContext Attributes
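The client-based throttling on this slide, sketched as a per-client token bucket. This is an added example, not Oracle API Gateway code or configuration; the client identifiers, the class and function names, and the rule that unidentified clients are rejected are assumptions.

```python
import time

# TPS limits from the slide; the client identifiers are assumed names.
LIMITS_TPS = {"client-1": 100, "client-2": 250}


class FakeClock:
    """Constructed clock so the demo runs deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class ClientThrottle:
    """Token bucket per client: capacity and refill rate both equal its TPS."""
    def __init__(self, limits, clock=time.monotonic):
        self.limits = dict(limits)
        self.clock = clock
        self.buckets = {}  # client_id -> (tokens, time of last update)

    def allow(self, client_id):
        rate = self.limits.get(client_id)
        if rate is None:
            return False  # assumption: unidentified clients are rejected
        now = self.clock()
        tokens, last = self.buckets.get(client_id, (float(rate), now))
        # Refill for the elapsed time, never above one second's allowance.
        tokens = min(float(rate), tokens + (now - last) * rate)
        allowed = tokens >= 1.0
        self.buckets[client_id] = (tokens - 1.0 if allowed else tokens, now)
        return allowed


def burst(throttle, client_id, n):
    """Send n back-to-back requests; return how many were admitted."""
    return sum(throttle.allow(client_id) for _ in range(n))


if __name__ == "__main__":
    clock = FakeClock()
    gate = ClientThrottle(LIMITS_TPS, clock)
    for cid in ("client-1", "client-2", "unknown"):
        print(cid, burst(gate, cid, 300))
    clock.now += 0.5  # half a second later, half of each allowance is back
    print("client-1 after 0.5s:", burst(gate, "client-1", 300))
```

The client identifier passed to `allow` should come from an authenticated attribute where possible, since a limit keyed on a value the caller controls can be sidestepped by changing that value.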
API Key Management
[Diagram labels: Corporate DMZ; Unified Agent; SOAP/REST and Legacy Web Services; Security Gateway; HR, CRM, Talent; APIKey_AWS, APIKey_Salesforce; API Key + Web Service Request]
Oracle API Gateway – Where?
[Diagram labels: First Line Of Defense; Shared Services Layer; End Point Security; DMZ; Intranet; OAG; Service Bus; OWSM Agent; Applications; HTTP, SOAP, REST, XML, JMS; WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos, Sign & Encrypt]
Concepts and Architecture – Logical Components
Concepts and Architecture – Policy Studio and OAG Manager
[Diagram labels: Domain; Physical / Virtual Machine 1; Physical / Virtual Machine 2; OAG Instance 1, OAG Instance 2, OAG Instance 3, OAG Instance 4; Stock Control APIs Group; Payment APIs Group; Admin Node Manager; Node Manager; OAG Manager; Policy Studio; Manages]
Concepts and Architecture – Configuration Parts
Concepts and Architecture – Lifecycle Management
Concepts and Architecture – Lifecycle Management
Demo