Layer7 API Security

Layer7 Work in Progress Update - PI38

By Gregory Thompson posted Aug 23, 2024 08:26 AM

  

PI Planning for PI38 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback. We would love feedback on both the current and future PI items to help us prioritize the items that will have the most benefit for our customers.

 

Recent Releases

 

The following product versions were released during PI37:

• API Gateway 11.1.1 - Release Notes

• API Portal 5.3 - Release Notes

• OTK 4.6.3 - Release Notes

 

Release and EOS Calendar

 

The following image provides a timeline view of past and planned releases (future releases are prefixed with “+”). For planned releases, the timeline, release name/version, and release content are subject to change. End of Service (EOS) dates are shown in gray on the bottom half of the image.

 





Planned Releases for PI38

 

The following product versions are planned to be released during PI 37. The marquee features for each release are included. For planned releases, the timeline, release name/version, and release content are subject to change.

 

  • API Gateway 11.0 CR3 - September 2024

    • Generally a minor release focused on fixes and CVE patches

    • Graphman enhancements back ported from 11.1.1

      • Representation of properties and mappings in the Graphman schema

      • Support for managing users, groups and roles

      • Support for managing audit configuration

      • Support for managing certificate validation

      • Support for managing generic entities

    • Dynamic private key management back ported from 11.1.1

  • API Portal 5.3.1 - Late October/Early November 2024

    • Removing of API Explorer for PAPI Endpoints

    • Template Management - APIs Tab in Category and others

    • API Products - General Availability (except Workflow)

    • Client applications managed by external OAuth providers

    • PSSG Removal

    • API URI Enhancements for improved wildcard support

    • Portal Debian 12 OVA Platform Patch

    • Notifications for Automatic Removal of Inactive Users

    • Allow non-admin users to create multiple API Keys in an application

    • API Products - Workflow for Product Access

    • Graphman Bundle GA Support

    • Gateway-published APIs sync without automatic sync for portal-published APIs

  • SDK 2.5 - Late November/Early December 2024

    • Limit concurrent users

    • Android 15/iOS 18 Support

    • iOS Privacy Manifest



PI38 Key Capabilities

 

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

 

API Gateway:

  • Gateway 11.0.00 CR3 Release Activities

  • Next Common Criteria Evaluation for Gateway 11.1.1

  • Publish container gateway to Iron Bank

  • Base container gateway on RHEL UBI 9 micro

  • ICAPS support

  • SHA-256 support in Tactical AS2Protocol assertion

  • Mina upgrade

  • JaasLounge dependencies upgrade

  • Support for additional strong TLS ciphers

  • Support Software Gateway running RHEL JDK in FIPS mode

  • Listener level HSTS response header configuration

  • Replace Tomcat NIO with NIO2

  • Create VPAT v2.5 for Gateway 11.1+

  • Increase service metric counters to 64bit data type

  • Headless Luna HSM Configuration

  • nShield HSM client 13.6.3 upgrade

  • FIPS 140-3 updates

  • Publish graphman-client to NPM registry

  • [Spike] Distroless GW image

  • [Spike] Embedded GemFire

  • [Spike] Spring Framework 6.x upgrade

  • [Spike] Remove L7 platform component

  • [Spike] Remove process controller component

 

OAuth Toolkit:

  • Inactive Client Detection

  • OTK Usability Improvements

  • Provide configurable support for authentication for the dynamic client registration endpoint


API Portal:

  • API Products - General Availability (except Workflow)

  • API Products - Workflow for Product Access

  • Notifications for Automatic Removal of Inactive Users

  • Portal Debian 12 OVA Platform Patch

  • API URI Enhancements for improved wildcard support

  • Allow non-admin users to create multiple API Keys in an application

  • Graphman Bundle GA Support

  • Gateway-published APIs sync without automatic sync for portal-published APIs

  • Removing of API Explorer for PAPI Endpoints

  • Portal 5.3.1 Release Activities

  • Portal UI Breadcrumbs for Improved Navigation

  • Custom Roles: Refactor Apps/WF to use permissions for all AuthZ decisions

  • Custom Roles: Update UI to exclusively use UserContext Permissions (Part 1)

  • Preserve customizations after Upgrade

  • [Experimental] Layer7 Operator - Portal support for Ground to Cloud Agent

  • [Experimental] Portal support for external key storage via Gateway remote key/value storage Assertion

  • OpenAPI spec validation for runtime policy enforcement

  • Portal support for OAuth DCR based API-Keys (Part 1)

  • Update Portal Policies to support central configuration of HTTP Proxy Server

 

  

Mobile SDK:

  • SDK - Android 15/iOS 18 Support

  • SDK 2.5 Release Activities



Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

 

Candidates for PI39 and Beyond

While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

 

API Gateway:

  • Next generation management interface

  • GemFire support

  • [OTel] Support custom attributes for service metrics

  • [OTel] Support custom attributes for spans

  • [OTel] Support reading/writing baggage

  • [OTel] Enhanced granularity of default identifying attributes

  • [OTel] Update span status to indicate all policy assertion failures

  • Graphman folder management

  • Graphman partial update support

  • JavaScript assertion enhancements

  • HTTP client upgrade

  • AMQP durable queue support

  • HTTP and HTTP/2 over shared port

  • gRPC

  • SNI

  • [Experimental] Gateway as k8s ingress controller

  • Container gateway optimizations (smaller, faster, more secure, more cloud native)

  • Post Quantum Crypto (PQC) Support

  • HTTP/2 streaming

 

OAuth Toolkit:

  • [Preview] Layer7 Operator support for OTK

  • Support mTLS with Load Balancers with client certificates provided in header

  • Enable additional customization hooks for Grant Management

  • OTK Upgrade Improvements

  • FAPI 2.0

  • OTK - OAuth 2.0 Rich Authorization Requests (RAR)

 

 

API Portal:

  • Portal Helm Charts for Installing into a FIPS-compliant environment

  • [Preview] Layer7 Operator Support

  • API Products - Workflow for Tier Change Requests

  • Custom Roles - Completion

  • API Revision History Management

  • Display Reports in Portal UI in a configured timezone

  • API Products - Product Manager Role

  • Bulk API Editing

  • API Spec tab updates for improved OAuth support

  • Productization - Decouple OTK from Portal

  • API Catalog for non-managed APIs

  • API Notification Management

  • Workflow for API Publishing
