Solved! Go to Solution.
It's really a question of your own security practices and the solution design tradeoffs you'll need to make that would determine if this should go into your dmz. Apigee is fully PCI compliant, which means that it has gone through rigorous security testing. Please let us know of any specific security concerns and we'll let you know if it is an issue.
There is no "out of the box" support for WS* security. This would need to be implemented as part of a proxy using a combination of Service Callouts and Extract Variables/Assign Message policies.
Can you provide some context as to why you would want to put Apigee in your dmz?
@Michael Malloy Can you please explain further - what combination of Service Callouts and Extract/Assign messages - will be required to support WS security ? I have the following assumption : The Service Callout - is a JAVA callout - which takes SOAP message - and signs it - sends back an updated SOAP message to Edge - which can then just be passed on to the backend. Is there a known github repository that has this logic implemented ? Any insights on this - would be helpful... as this is rather complex.
Thanks for the response Michael. We have a B2B gateway product which currently resides in DMZ. Mostly we will replace it with API GEE to extend B2B services as API to non business partners as well. Is API GEE a good fit for DMZ or it should be in trusted zone? If DMZ then what makes it a good candidate for DMZ
It's really a question of your own security practices and the solution design tradeoffs you'll need to make that would determine if this should go into your dmz. Apigee is fully PCI compliant, which means that it has gone through rigorous security testing. Please let us know of any specific security concerns and we'll let you know if it is an issue.
User | Count |
---|---|
1 | |
1 | |
1 | |
1 | |
1 |