Layer7 API Security


Layer7 Work in Progress Update - PI26

By Gregory Thompson posted May 11, 2021 09:21 AM

  

As part of our effort to keep our customers up to date and get continuous feedback, we are continuing to provide updates on our development work in progress for each Program Increment (known as a "PI") here in the Layer7 Community. We invite you to provide feedback by commenting on this post below. The key capabilities currently being worked on in this PI (PI26) are:

API Gateway

  • Release of API Gateway 10.1 - The next major release of the API Gateway will be v10.1 and it is targeted for late July/early Aug. This release will include a number of underlying library updates such as JDK, Spring, Hibernate, CryptoComply, and more. The release will also include gateway capabilities completed in the current and previous PIs, such as TLS 1.3, compressed Kerberos tokens, updated HSM drivers/libs, and WebSocket assertion enhancements.
  • OAuth Toolkit (OTK) Tuning Guide for Cassandra with HA
  • OTK Performance Enhancements for MySQL - Optimizations will be performed focused on the MySQL OTK DB interactions to enhance the performance of the OTK for use cases that involve large volumes of tokens.
  • JDK11 finalization for 10.1 - completes the overall JDK11 support for the API Gateway to be released with API Gateway 10.1.
  • MPP out of space resolution - addresses an issue where customers applying patches to the API Gateway appliances would run into disk space limitations when multiple patches were present.
  • vSphere 7.0 ESXi support - provides official support of the gateway virtual appliance images on vSphere 7.0 ESXi.
  • Ability to disable SSL Pinning in MAG SDK - allows customers to disable SSL certificate pinning when using the Mobile SDK.
  • Support for RSASSA-PSS signature algorithms - provides the ability to use these signature algorithms in gateway policy.
  • OTK Third Party OIDC support - provides customization hooks to allow customers to use a Third Party OIDC flow for authentication within the core OAuth Toolkit. This will allow the OTK to integrate with the VIP Authentication Hub and other third parties supporting the OIDC authentication flow.


API Portal

  • Release of API Portal 5.0.2 for both on-premise and SaaS - The next API Portal release will be 5.0.2 and is targeted for mid-June. The release will include features such as an improved Proxy Details page, enhanced synchronization for automatic API & API Key deployments, a new Organization Type for organizations, API Hub: multiple API Keys displayed in Applications, enhanced view and search for Portal users, and more.
  • Proxy status/availability alert - provides an alert "bell" in the top corner of the API Portal to indicate when an API Proxy becomes unavailable
  • Organization Tagging for grouping related organizations - provides the ability to group multiple organizations to facilitate viewing reporting and metrics for the group
  • API Plans sync optimization - reduces the time taken to sync API Plans across the API Proxies
  • UX and Portal API (PAPI) improvements for API EULAs - improves the performance of the EULA API and provides capabilities to edit existing EULAs
  • Portal API (PAPI) performance improvements on /api-management/1.0/apis resources - improves the performance of the APIs used to manage APIs in the portal
  • Feature deprecation - Disabling of customization on Core Pages - customization of core pages will be disabled in favor of using the API Hub for customization

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

Candidates for PI27
While the capabilities to be included in PI27 are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

API Gateway

  • Headless Install Updates for SiteMinder and Precision API Monitoring
  • Policy Plugin Updates
  • Websockets support for HTTP using same port
  • Common Criteria Certification
  • Upgrade Tomcat version
  • JavaScript Assertion Update to replace deprecated Nashorn implementation
  • Remote cache assertion productization
  • OTK - Audience Restriction support for MAG
  • OTK - Mutual TLS support based on RFC 8705 to allow for proof of possession
  • OTK - Helm chart updates with Cassandra reference implementation
  • OTK - Cassandra data model optimizations

API Portal

  • Custom API Metrics Report for related Orgs
  • Account Plans sync optimization
  • API Plans compatibility with API Groups
  • Workflow for API key creation/edit
  • API Portal support for Environmental Gateway Bundles
  • API Portal for “service” type gateway bundles
  • Ops Capabilities via Portal