How do we make the integration layer safe?
First we need to look at the three cases in which integration is commonly used:
- System to system within the same organization domain.
- System to system between different organizations.
- System to open data.
Let's go through each alternative:
-
Within the same domain we can set up a token server that every service trusts. Keycloak is a good open-source choice. We then use OAuth 2.0 with that server: every service must obtain a token from it before it calls another service, and the service being called must validate the token (signature against the token server's key, issuer, expiry and audience) and check that the claims in it are correct for the call it is about to perform.
The token is sent in the Authorization header as "Bearer" followed by the JWT string.
A good Java library for this is nimbus-jose (Nimbus JOSE + JWT).
Let's see how we use it together with Apache Camel.
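The following is an added example, not code from the original page or from the Keycloak, Nimbus or Camel projects. It shows a Camel Processor that validates the bearer JWT with nimbus-jose-jwt (com.nimbusds:nimbus-jose-jwt, 9.x assumed, Java 11+) before the rest of the route runs. The issuer URL, audience, key ID and service names are hypothetical, and the realm key is generated locally so the example runs offline; in production the trusted key set is fetched from the Keycloak realm's JWKS endpoint instead. The second call sends the same token with a rewritten subject to show that the signature check rejects it.

```java
import java.util.Date;
import java.util.Set;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.Base64URL;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import org.apache.camel.CamelContext;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.camel.ProducerTemplate;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.impl.DefaultCamelContext;

/** Checks the bearer JWT on every incoming exchange before the rest of the route runs. */
public class BearerTokenProcessor implements Processor {
    // Hypothetical issuer and audience. Keycloak issues tokens with iss = <server>/realms/<realm>.
    static final String ISSUER = "https://sso.example.internal/realms/integration";
    static final String AUDIENCE = "order-service";
    private final DefaultJWTProcessor<SecurityContext> jwtProcessor = new DefaultJWTProcessor<>();

    BearerTokenProcessor(JWKSource<SecurityContext> trustedKeys) {
        // Pin the algorithm: only RS256 signatures made with a key from the trusted set pass.
        jwtProcessor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, trustedKeys));
        // aud and iss must match exactly, sub and exp must be present; exp/nbf are checked against the clock.
        jwtProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
                AUDIENCE, new JWTClaimsSet.Builder().issuer(ISSUER).build(), Set.of("sub", "exp")));
    }

    @Override
    public void process(Exchange exchange) throws Exception {
        String auth = exchange.getMessage().getHeader("Authorization", String.class);
        if (auth == null || !auth.startsWith("Bearer ")) {
            throw new SecurityException("missing bearer token");
        }
        // Throws BadJOSEException/JOSEException on bad signature, wrong alg or kid, expiry, iss or aud.
        JWTClaimsSet claims = jwtProcessor.process(auth.substring("Bearer ".length()), null);
        // Pass the verified caller identity downstream; later steps never look at the raw token.
        exchange.getMessage().setHeader("CallerService", claims.getSubject());
    }

    /** Stand-in for Keycloak: signs a token with the realm's private key (constructed for this example). */
    static String issueToken(RSAKey realmKey, String subject, long ttlSeconds) throws Exception {
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).subject(subject).audience(AUDIENCE).issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + ttlSeconds * 1000)).build();
        SignedJWT jwt = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(realmKey.getKeyID()).build(), claims);
        jwt.sign(new RSASSASigner(realmKey));
        return jwt.serialize();
    }

    public static void main(String[] args) throws Exception {
        // Generated here instead of fetched from the realm's JWKS endpoint
        // (<server>/realms/<realm>/protocol/openid-connect/certs) so the example runs offline.
        RSAKey realmKey = new RSAKeyGenerator(2048).keyID("realm-key-1").generate();
        JWKSource<SecurityContext> trustedKeys = new ImmutableJWKSet<>(new JWKSet(realmKey.toPublicJWK()));

        CamelContext ctx = new DefaultCamelContext();
        ctx.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                from("direct:orders")
                        .process(new BearerTokenProcessor(trustedKeys))
                        .setBody(simple("order accepted from ${header.CallerService}"));
            }
        });
        ctx.start();
        ProducerTemplate template = ctx.createProducerTemplate();

        String good = issueToken(realmKey, "inventory-service", 60);
        System.out.println(template.requestBodyAndHeader(
                "direct:orders", "{}", "Authorization", "Bearer " + good, String.class));

        // Same token with the subject rewritten in the payload: the signature no longer matches.
        String[] parts = good.split("\\.");
        String forgedClaims = new Base64URL(parts[1]).decodeToString().replace("inventory-service", "admin-service");
        String tampered = parts[0] + "." + Base64URL.encode(forgedClaims) + "." + parts[2];
        try {
            template.requestBodyAndHeader("direct:orders", "{}", "Authorization", "Bearer " + tampered, String.class);
        } catch (Exception e) {
            System.out.println("rejected: " + e.getCause());
        }
        ctx.stop();
    }
}
```

The important design choice is that the key selector pins the algorithm and the key set, so a token that says `alg: none` or carries a signature from some other key is rejected before any claim is read, and the audience check stops a token issued for one service from being replayed against another.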
-
System to system between organizations is harder, because there is usually no token server that both organizations trust.
Here it is common to use private and public key pairs, as the SSH (SFTP) protocol does: each side keeps its private key and hands only the public key to the other. The same idea applies to HTTPS calls, where each side presents a certificate the other side trusts (mutual TLS), rather than trusting whatever a public CA has issued.
Public and private keys can also be used for the payload itself: the sender signs it with its private key and encrypts it with the receiver's public key, so the message stays protected even when it passes through intermediaries or is stored before it is processed.
Let us see how we use these secured patterns in Apache Camel.
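The following is an added example, not code from the original page or from the Nimbus or Camel projects. It shows the sign-then-encrypt pattern for a payload exchanged between two organizations using nimbus-jose-jwt (com.nimbusds:nimbus-jose-jwt, 9.x assumed): the sender signs with its own private key (JWS) and encrypts for the partner's public key (JWE); the receiver decrypts with its private key and verifies the partner's signature, refusing any algorithm that was not agreed on. The organization names, key IDs and invoice payload are constructed for the example; in practice the public keys are exchanged out of band. The last call shows that an outsider who knows the receiver's public key can encrypt to it but cannot pass the signature check.

```java
import com.nimbusds.jose.EncryptionMethod;
import com.nimbusds.jose.JWEAlgorithm;
import com.nimbusds.jose.JWEHeader;
import com.nimbusds.jose.JWEObject;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSObject;
import com.nimbusds.jose.Payload;
import com.nimbusds.jose.crypto.RSADecrypter;
import com.nimbusds.jose.crypto.RSAEncrypter;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import org.apache.camel.Exchange;
import org.apache.camel.Processor;

/** Sign-then-encrypt for a payload exchanged between two organizations with no shared token server. */
public class PartnerPayload {

    /** Sender: sign with our private key, then encrypt for the partner's public key. */
    static String protect(String payload, RSAKey ourPrivate, RSAKey partnerPublic) throws Exception {
        JWSObject jws = new JWSObject(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(ourPrivate.getKeyID()).build(),
                new Payload(payload));
        jws.sign(new RSASSASigner(ourPrivate));
        JWEObject jwe = new JWEObject(
                new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                        .keyID(partnerPublic.getKeyID()).contentType("JWS").build(),
                new Payload(jws));
        jwe.encrypt(new RSAEncrypter(partnerPublic));
        return jwe.serialize();
    }

    /** Receiver: decrypt with our private key, then verify the partner's signature. */
    static String unprotect(String compact, RSAKey ourPrivate, RSAKey partnerPublic) throws Exception {
        JWEObject jwe = JWEObject.parse(compact);
        // Refuse any algorithm other than the one agreed with the partner before using the private key.
        if (!JWEAlgorithm.RSA_OAEP_256.equals(jwe.getHeader().getAlgorithm())
                || !EncryptionMethod.A256GCM.equals(jwe.getHeader().getEncryptionMethod())) {
            throw new SecurityException("unexpected JWE algorithm");
        }
        jwe.decrypt(new RSADecrypter(ourPrivate));  // throws JOSEException if the ciphertext was altered
        JWSObject jws = jwe.getPayload().toJWSObject();
        if (jws == null || !JWSAlgorithm.RS256.equals(jws.getHeader().getAlgorithm())
                || !jws.verify(new RSASSAVerifier(partnerPublic))) {
            throw new SecurityException("payload not signed by the expected partner");
        }
        return jws.getPayload().toString();
    }

    /** Camel processor for inbound partner messages: replaces the body with the verified plaintext. */
    static Processor inbound(RSAKey ourPrivate, RSAKey partnerPublic) {
        return (Exchange ex) -> ex.getMessage().setBody(
                unprotect(ex.getMessage().getBody(String.class), ourPrivate, partnerPublic));
    }

    public static void main(String[] args) throws Exception {
        // Each organization generates its own pair and hands only the public half to the other.
        RSAKey orgA = new RSAKeyGenerator(2048).keyID("org-a-2024").generate();
        RSAKey orgB = new RSAKeyGenerator(2048).keyID("org-b-2024").generate();
        RSAKey orgAPublic = orgA.toPublicJWK();
        RSAKey orgBPublic = orgB.toPublicJWK();

        String wire = protect("{\"invoice\":42,\"amount\":1000}", orgA, orgBPublic);
        System.out.println("B received: " + unprotect(wire, orgB, orgAPublic));

        // A third party knows B's public key and can encrypt to it, but cannot sign as A.
        RSAKey outsider = new RSAKeyGenerator(2048).keyID("outsider").generate();
        String forged = protect("{\"invoice\":42,\"amount\":1}", outsider, orgBPublic);
        try {
            unprotect(forged, orgB, orgAPublic);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a route the processor is used as `from("...").process(PartnerPayload.inbound(ourKey, partnerKey))`, so every step after it only ever sees a payload whose origin has been verified. Signing before encrypting is what lets the receiver prove who sent the message; encryption alone only proves that the sender knew the receiver's public key, which anyone does.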
-
With open data the only concern is that the data can be read but not changed on its way to the reader, and guaranteeing that is not the integration layer's responsibility.
A good choice is still to require a login, purely to control and log who accesses the data, not for any confidentiality reason, since the data is public anyway. You then at least know who is reading the data and can act on abuse.