Layer7 API Security

Layer7 Work in Progress Update - PI31

By Gregory Thompson posted Sep 14, 2022 08:39 AM

  

PI Planning for PI31 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback by commenting on this post below. We would love feedback on both the current and future PI items in order to help us prioritize the items that will have the most benefit for our customers.

Recent Releases:
The following product versions were released during PI30:

PI31 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

API Gateway:
  • Release of API Gateway 11
    • Debian Based Appliance
    • JDBC Driver update
    • Active Dir integration for SSH
    • Apache HTTP Client Update
  • Common Criteria Certification (conclusion)
  • FIPS certification lib updates
  • SFTP Library updates
  • MQ JMS driver updates
  • Embedded Hazelcast assertion v5 support
  • Ephemeral Gateway
  • Kafka Consumer Support

OAuth Toolkit:

  • OTK 4.6 Release
    • FAPI 1.0 Support (Advanced Profile)
    • Token exchange grant based on RFC8693
    • Device authorization grant based on RFC8628
    • RFC 7591 Software Statement Support
    • Enforce Rate Limiting for OTK Endpoints
  • FAPI 1.0 CIBA Poll Mode support
  • Cassandra 4.x driver with performance improvements
  • OTK Helm chart deployment

Mobile SDK:

  • MAG 4.2.2 Release
    • Security enhancements to remove use of query parameters for access tokens
  • SDK 2.3 Release
    • Android 13 support
    • iOS 16 support
    • Android key Storage updates
    • Updated encryption mechanism (Android)
    • Log management improvements
    • Exception handling improvements

API Portal:

  • Portal 5.1.2 Release
    • Custom page support
    • Rate and Quota Limits at API per Organization Level
    • Fully customizable email templates
    • PAPI - Provide public API details without Authentication
    • Improved management of Organization API visibility
    • TLS 1.3
    • MariaDB Support
  • PAPI Updates for App and Registration Requests
  • Support Editing of Proxy Name and URL
  • Portal Dispatcher Improvements for CIDR configuration
  • SAML SSO: support for onboarding multi-org users
  • Disable local logins
  • Decouple OTK from Portal Phase 1
  • [Experimental] Rate Limits & Quotas for API per Application
  • [Experimental] Quota Consumption Report by API per Application

Layer7 Infrastructure Manager (L7iM):

  • Tech Preview - Graphman (GraphQL Gateway Management Service)
  • Alerting for Expired/Expiring Certifications via Portal UI

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

Candidates for PI32
While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

API Gateway:

  • Debian appliance work completion with GW 11 release
  • Websockets enhancements to allow multiple websockets services on a shared port
  • Common Criteria Certification
  • Additional authentication schemes for JDBC connections
  • MariaDB support for SSG DB
  • Support for API Gateway without DB
  • gRPC protocol support
  • SNI Support
  • API gateway as an ingress controller for K8s
  • XSLT 3 Support for the XSLT Assertion
  • Gateway support for Redis for inter-gateway communication

OAuth Toolkit:

  • FAPI 1.0 PAR Support
  • FAPI 2.0 Support
  • Shared Signals Support
  • Separate DB read vs. write connections for improved multi-region support

Mobile SDK:

  • iOS 17
  • Android 14

API Portal:

  • API Products to define pre-packaged APIs along with usage limits
  • Rate Limits & Quotas for API per Application API Key
  • PAPI JWT support for Authentication and user org/role mapping
  • Integration with external Identity Providers to register Applications and API Keys
  • Debian OVA

Layer7 Infrastructure Manager (L7iM):

  • Graphman bootstrapping for ephemeral gateway mode
  • Mappings
  • Gateway Health