Layer7 API Management

Layer7 Work in Progress Update - PI27

By Gregory Thompson posted 08-19-2021 10:33 AM


PI26 is complete and we have now entered into PI27. During PI26, API Gateway 10.1 and API Portal 5.0.2 were released including many new capabilities and updates (click on the release links for the full release notes).  Below you will find the list of items that are included in PI27. As always, we invite you to provide feedback by commenting on this post below. We would love feedback on both the current and future PI items in order to help us prioritize the items that will have the most benefit for our customers.

The key capabilities currently being worked on in this PI (PI27) are:

API Gateway

  • Release of API Gateway 10.0 CR4 - this update will include cumulative fixes for the 10.0 release.
  • Tactical Assertion Update for API Gateway 10.1 - a number of tactical assertions (such as Injection Filter, Delay, Asymmetric Key Encryption/Decryption, Symmetric Key Encryption/Decryption, SNMP Agent, Gateway Metrics, and JVM Metrics) will be updated for compatibility with API Gateway 10.1 
  • Upgrade to Tomcat 9.0.x
  • Support for Availability Zones within Azure
  • Luna HSM support for container gateways
  • Common Criteria Updates
  • HA Documentation updates for K8S
  • Certify Policy #10 for Luna HSM support
  • Enable debugging for Encapsulated Assertions

OAuth Toolkit

  • RFC8705 Mutual TLS using the self-signed profile
  • Hashed secret storage for all clients registered with the OAuth Toolkit

Mobile SDK

  • Browser-based authentication when redirected to an App (iOS and Android)
  • iOS 15 support
  • Android 12 support

API Portal

  • Release of API Portal 5.0.3 SaaS
  • Support for enhanced Rate & Quota Limit policies for API publishing  
  • User profile updates to require password challenge for improved user security 
  • Account plan sync optimization
  • Certify deployment for Azure K8S (AKS) and Google Cloud (GKE)
  • Support for MySQL 8.0.26

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

Candidates for PI28
While the capabilities to be included in PI28 are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

API Gateway

  • Headless Install Updates for Siteminder and Precision API Monitoring
  • Policy Plugin Updates
  • Websockets support for HTTP using same port
  • Common Criteria Certification
  • Javascript Assertion Update to replace deprecated Nashorn implementation
  • Remote cache assertion productization 
  • GraphQL Schema Validation Assertion
  • gRPC protocol support
OAuth Toolkit
  • Dynamic CORS origin management
  • Support for any port in redirect URLs with “localhost”
  • ID Token Customization 
  • Client Initiated Backchannel Authentication (FAPI-CIBA Profile)
  • Token exchange grant based on RFC8693
  • Device authorization grant based on RFC8628
  • Token Introspection API
  • Token Revocation List API
  • Helm chart updates with Cassandra reference implementation

Mobile SDK

  • Migrate from jcenter to somewhere else (mavenCentral?)
  • Update Android key storage, Account Management and encryption
  • Access token Audience handling for targeted/multiple APIs

API Portal

  • Custom API Metrics Report for related Orgs
  • Workflow for API key creation/edit
  • API Portal support for Environmental Gateway Bundles
  • API Portal for “service” type gateway bundles
  • Ops Capabilities via Portal