Layer7 API Security

 View Only

Layer7 Work in Progress Update - PI32

By Gregory Thompson posted Jan 23, 2023 03:18 PM


PI Planning for PI32 is now complete and development has kicked off. Below you will find the list of items that are included in this PI and a summary of the releases completed in the previous PI. As always, we invite you to provide feedback by commenting on this post below. We would love feedback on both the current and future PI items in order to help us prioritize the items that will have the most benefit for our customers.

Recent Releases:
The following product versions were released during PI31:

PI32 Key Capabilities

The sections below provide a listing of the key capabilities being worked on across the Layer7 family of products. Note that some capabilities will span multiple PIs. 

API Gateway:
  • Gateway 11.0 Release
  • Gateway 10.1 CR3 Release
    • Back port support for AD 2016/2019 to 10.1
    • Support multiple private keys with same subjectDN
    • Productize upgrade of SSH listener library to support stronger algorithms
    • JDK upgrade 11.0.17/18
  • [Limited Availability] Graphman
  • [Limited Availability] GraphQL Assertions
  • Update container gateway platform support documentation
  • Best effort support for common MySQL cloud services across all gateway form factors
  • Update gateway to specify utf8mb3 at database level when creating database
  • Redis as alternative to external Hazelcast
  • Back port Progress drivers replacement from 11.0 to 10.1 CRx
  • Update gateway to support Luna 10.5.0 client across form factors
  • Log database connection details on gateway startup or failover
  • [Experimental] Static and dynamic configuration as code framework
  • [Experimental] OAuth Client/Resource Server Assertion
  • [Experimental] Operator productization
  • [Experimental] Key/value storage assertion
  • [Experimental] Extended distributed rate limit, throughput quota and cluster coordination
  • [Experimental] Cloud native logging, tracing, metrics for alerting, monitoring and analytics framework(s)

OAuth Toolkit:

  • OAuth 2.0 Dynamic Client Registration Protocol
  • RFC 7592 - OAuth 2.0 Dynamic Client Registration Management Protocol
  • OTK Testing with GW v11
  • Cassandra improvements to not require case sensitive searches
  • OTK 4.6.1 Release Activities

Mobile SDK:

  • MAG/MAG SDK testing with Gateway v11

API Portal:

  • [Limited Availability] Introduction of API Product Concept - Part 2
  • API Hub: Application UI updates to use /api-management/1.0/applications
  • Entity Sync Improvements (APIs, Applications)
  • Content Security Policy - Updates to allow external images
  • Major Release Activities: v5.2
  • Optimization of Policy Template logic
  • Portal Dispatcher Improvements for CIDR configuration
  • Entity Sync Improvements (Plans, Groups, Bundles)
  • RL&Q Support for Gateway-published APIs
  • Support Editing of Proxy Name and URL (resolves WSDL download port issue)
  • Portal testing with GW v11 (will be done as part of 5.2 release hardening)
  • Decouple OTK from Portal Phase 1
  • Rate Limits & Quotas for API per Application
  • API Secret Expiration
  • Enabling custom integration hooks - App and API sync workflow
  • PAPI - APIs, Plans, and Keys Sync Status
  • Bulk rejection of unwanted registration requests

Note that some larger capabilities may span multiple PIs and, as always, plans are subject to change based on a number of different factors.

Candidates for PI33
While the capabilities to be included in the next PI are not yet set, please see below for a list of candidates being considered. Of course, not all of these will fit and we will select a subset of these based on your feedback. We'd love to know if there is a capability in the list you are eagerly awaiting and/or plan to use. We also would love to know if there is something missing from the list that is important to you. Please comment in the comments section below with your feedback.

API Gateway:

  • Cloud deployment guides, reference architecture and related features
  • Support for common container runtime platforms (including OpenShift, Tanzu)
  • Support for Percona XtraDB Clusters and/or MariaDB with Galera clusters
  • Kafka consumer support
  • SNI support
  • Productization of existing preview/experimental features (including gRPC, Environment Variables, GraphQL, JSON Schema v6/v7, XSLT 3.0, WebSockets on shared ports)
  • Prioritization of many Community Ideas
  • Modernization monitoring and analytics (e.g. OTLP)
  • Configuration as code v2.0
  • Cloud native API discovery and control
OAuth Toolkit:

  • FAPI 1.0 RAR Support
  • FAPI 2.0 Support
  • Separate DB read vs. write connections for improved multi-region support
  • Customization for Token Deletion Policy
  • Optimization for large scope processing

Mobile SDK:

  • iOS 17
  • Android 14

API Portal:

  • Rate Limits & Quotas for API per Application
  • Policy Template Management
  • Debian OVA
  • Open API Catalogue