
List:       wsf-java-dev
Subject:    Re: [Dev] [API M] Micro Gateway 2.6 allows requests to go through with a JWT that doesnt have any su
From:       Nadeesha Gamage <nadeesha () wso2 ! com>
Date:       2018-11-28 5:41:01
Message-ID: CAB83TdW3nuURQzrEgPUUDMedb_GwxaS6iPQueQ3sx7NHXNj7Ng () mail ! gmail ! com

Hi Nuwan,
Please find my response below.

On Tue, Nov 27, 2018 at 6:00 PM Nuwan Dias <nuwand@wso2.com> wrote:

>
>
> On Tue, Nov 27, 2018 at 4:37 PM Nadeesha Gamage <nadeesha@wso2.com> wrote:
>
>> Hi Nuwan,
>> My concern is based on the following two scenarios
>>
>> *Scenario 1 (for security)*
>> - An API Publisher publishes the API "xyz" to which the visibility is
>> restricted only to a given set of roles. The API would be deployed on MG.
>> - User A would not be in the correct role to see the "xyz" API (in API
>> store), but has general access to the store and other APIs available. User
>> A can now generate a JWT that is trusted by MG.
>> - User A simply generates a token without any APIs subscribed under the
>> application so that JWT would have an empty claim under "SubscribedAPIs"
>> - User A gets hold of the URL of API "xyz" and would now be able to
>> invoke the API even though he has no subscription or visibility to that
>> particular API.
>>
> If you want to restrict the access to an API, restricting it just by
> subscriptions is not sufficient. This is why there are scopes to be able to
> protect resources of API at the runtime. Things like scopes are supported
> on the API definition itself and therefore these are applied on the API
> runtime irrespective of the subscriptions.
>
Ack, shouldn't we provide at least a message to let the publishers know that
subscription tiers may not be enforced on requests that come via the MG?

>
>>
>> *Scenario 2 (for throttling)*
>> - An API Publisher wants to control access to an API based on different
>> HTTP verbs, resources or even based on different roles.
>> - Even after enforcing these limits at different levels (via the
>> publisher) a subscriber who has a valid JWT generated from the store can
>> still access the API without being confined to App, API or resource level
>> throttling limits set by the publisher.
>>
>
> What you are describing here are API level rate limiting options. Which
> are again supported irrespective of subscriptions. The only rate limit
> dependent on the subscription is the subscription tier.
>
ack

>
>> Nadeesha
>>
>>
>> On Tue, Nov 27, 2018 at 2:56 PM Nuwan Dias <nuwand@wso2.com> wrote:
>>
>>> It doesn't bypass the security, Nadeesha. You are mandated to send a
>>> valid security token to the Gateway, without which you cannot access any
>>> secured resources.
>>>
>>> The only thing you get with a subscription is the rate at which you are
>>> allowed to access an API. In the default behavior of the product we default
>>> that rate limit to a certain limit which is lower than all other defaults.
>>> If someone is not ok with that limit, they can further reduce or increase
>>> it.
>>>
>>> On Tue, Nov 27, 2018 at 10:16 AM Nadeesha Gamage <nadeesha@wso2.com>
>>> wrote:
>>>
>>>> Hi Nuwan,
>>>> In my opinion API Microgateway should honor the throttling limits and
>>>> access limitations set by the API Manager product irrespective of the fact
>>>> that we are planning to make it interoperable with 3rd party products and
>>>> open standards. If we allow any request that has a valid JWT to access APIs
>>>> in the micro gateway then there should be an option for API
>>>> creators/publishers to consent to this behaviour for their APIs. Otherwise we
>>>> are creating a back channel to bypass the security and throttling (which
>>>> API creator/publisher enforces through the API Publisher).
>>>>
>>>>
>>>> Nadeesha
>>>>
>>>> On Sun, Nov 18, 2018 at 6:16 PM Harsha Kumara <harshak@wso2.com> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sun, Nov 18, 2018 at 5:27 AM Nuwan Dias <nuwand@wso2.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, 18 Nov 2018 at 9:48 am, Nadeesha Gamage <nadeesha@wso2.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi Nuwan,
>>>>>>>
>>>>>>>
>>>>>>> On Sun, Nov 18, 2018 at 5:43 AM Nuwan Dias <nuwand@wso2.com> wrote:
>>>>>>>
>>>>>>>> In the Microgateway the concept of a subscription is optional. This
>>>>>>>> is because the Microgateway is designed as an independent gateway that can
>>>>>>>> run with or without a full API Management system in place. Therefore as
>>>>>>>> long as the Microgateway receives a valid JWT it trusts, it allows the
>>>>>>>> request to pass through. If the JWT contains details of a subscription it
>>>>>>>> will honour it, otherwise it will default to predefined limits for other
>>>>>>>> policies.
>>>>>>>>
>>>>>>>> The idea of micro-* products is to provide developer first
>>>>>>>> experiences for better agility. Hence the motivation for decoupling the
>>>>>>>> gateway runtime as much as possible from the API Management. This way
>>>>>>>> developers can use the MG with a token obtained from any sts that is
>>>>>>>> trusted by the MG (IS, Okta, Ping, etc).
>>>>>>>>
>>>>>>>
>>>>>>> I strongly feel that this should be provided as an option when
>>>>>>> publishing the API, because we allow a creator/publisher to set throttling
>>>>>>> limits and define what token types should be accepted and the MG does not
>>>>>>> honor any of that. Based on the current MG behaviour I feel our story on
>>>>>>> API Management is broken and both standard GW and MG cannot co-exist with
>>>>>>> this behaviour.
>>>>>>>
>>>>>>
>>>>>> Also note that the next release of the Microgateway will not even
>>>>>> require an API Management system at all. You can simply create a
>>>>>> Microgateway runtime from a swagger file and run it in isolation. So the
>>>>>> concept of publishing doesn't even come into the picture.
>>>>>>
>>>>>> We are moving away from the Center of excellence mode of operations.
>>>>>> And unless there is any logical reasoning to do so we won't be thinking
>>>>>> that the regular gateway and Microgateway should have consistent behaviour.
>>>>>>
>>>>>> BTW, we are discussing this on a completely wrong thread. We should
>>>>>> discuss this in public.
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> @Nuwan Bandara <nuwan@wso2.com> what are your thoughts?
>>>>>>>
>>>>>>>
>>>>>>>> On Sun, 18 Nov 2018 at 1:01 am, Nalaka Senarathna <nalakas@wso2.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>>> From APIM 2.6 onwards we have introduced a feature to invoke an
>>>>>>>>>> API with a valid JWT and this doesn't need to have subscription details.
>>>>>>>>>> The idea here is that users can use any valid jwt and we only check the
>>>>>>>>>> signature verification.
>>>>>>>>>>
>>>>>>>>>> But if the JWT contains the subscription info then we should
>>>>>>>>>> verify and only allow if it matches.
>>>>>>>>>>
>>>>>>>>>> @Nalaka: thoughts?
>>>>>>>>>>
>>>>>>>>> Correct, Pubudu.
>>>>>>>>>
>>>>>>>>>> IMO this needs to be fixed, if we want to allow access to APIs for
>>>>>>>>>> users with a valid JWT (even though they don't have a valid subscription)
>>>>>>>>>> then that should be something that should be configured at an API level.
>>>>>>>>>>
>>>>>>>>> So far we build the micro-gateway distribution for APIs already
>>>>>>>>> published in APIM. The reason behind making this feature is to build
>>>>>>>>> the micro-gateway distribution directly from the swagger definition. At
>>>>>>>>> this point, we can't configure from the API level.
>>>>>>>>>
>>>>>>>>> [1] Skipping subscription in micro-gateway to allow access to
>>>>>>>>> valid JWT
>>>>>>>>>
>>>>>>>>> Thanks. Regards
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sat, Nov 17, 2018 at 11:16 PM Nadeesha Gamage <
>>>>>>>>> nadeesha@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi all,
>>>>>>>>>> At the moment the behaviour is flawed and here is why:
>>>>>>>>>> 1. Anyone who has access to the store can access any API exposed
>>>>>>>>>> via MG without a valid subscription.
>>>>>>>>>> 2. Given that subscriptions are not honored there is no way of
>>>>>>>>>> throttling APIs.
>>>>>>>>>>
>>>>>>>>>> IMO this needs to be fixed, if we want to allow access to APIs
>>>>>>>>>> for users with a valid JWT (even though they don't have a valid
>>>>>>>>>> subscription) then that should be something that should be configured at an
>>>>>>>>>> API level.
>>>>>>>>>>
>>>>>>>>>> Nadeesha
>>>>>>>>>>
>>>>>>>>>> On Sat, Nov 17, 2018 at 10:51 AM Harsha Kumara <harshak@wso2.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Nov 17, 2018 at 12:12 AM Rajith Roshan <rajithr@wso2.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Harsha,
>>>>>>>>>>>> The idea behind this is to allow access to APIs exposed via micro gw if
>>>>>>>>>>>> the user has a valid token from a trusted STS. Making subscription validation
>>>>>>>>>>>> configurable in micro gw is something we can do. But that will not allow
>>>>>>>>>>>> APIs to be invoked from a third party key manager. Then there should be a set
>>>>>>>>>>>> of micro gws with subscription validation and a set without subscription
>>>>>>>>>>>> validation. This will make deployment kind of complex. Wdyt?
>>>>>>>>>>>>
>>>>>>>>>>> How about sending an empty claim if there is no subscription? So we
>>>>>>>>>>> can make sure that a person who uses store subscriptions can't use APIs unless
>>>>>>>>>>> they are subscribed?
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sat, 17 Nov 2018, 10:31 Harsha Kumara <harshak@wso2.com>
>>>>>>>>>>>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> But it should be enabled separately. How can we enforce that a person
>>>>>>>>>>>>> who comes to the store needs a valid subscription to invoke an API?
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Nov 16, 2018 at 11:35 PM Pubudu Gunatilaka <
>>>>>>>>>>>>> pubudug@wso2.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> From APIM 2.6 onwards we have introduced a feature to invoke
>>>>>>>>>>>>>> an API with a valid JWT and this doesn't need to have subscription details.
>>>>>>>>>>>>>> The idea here is that users can use any valid jwt and we only check the
>>>>>>>>>>>>>> signature verification.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> But if the JWT contains the subscription info then we should
>>>>>>>>>>>>>> verify and only allow if it matches.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> @Nalaka: thoughts?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Sat, Nov 17, 2018 at 3:11 AM Harsha Kumara <
>>>>>>>>>>>>>> harshak@wso2.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> If you create a JWT and it is then allowed to invoke APIs
>>>>>>>>>>>>>>> which were subscribed afterwards, then it's a bug. We should fix it.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Fri, Nov 16, 2018 at 3:23 PM Nadeesha Gamage <
>>>>>>>>>>>>>>> nadeesha@wso2.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Hi team,
>>>>>>>>>>>>>>>> MG is allowing requests to go through even if the
>>>>>>>>>>>>>>>> application associated with the JWT doesn't have a subscription to the API.
>>>>>>>>>>>>>>>> Please find the screenshots below. Is this by design or is this a bug?
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [image: image.png]
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> [image: image.png]
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>> Nadeesha Gamage
>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>>>>>>>>>> T : +94 77 394 5706
>>>>>>>>>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>>>>>> Email: harshak@wso2.coim
>>>>>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>>>>>>>> mobile : +94774078049 <%2B94772207163>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> *Nalaka Senarathna*
>>>>>>>>> *Associate Software Engineer | WSO2*
>>>>>>>>>
>>>>>>>>> *Email : nalakas@wso2.com <nalakas@wso2.com>*
>>>>>>>>> *Mobile : +94714118474*
>>>>>>>>> *web :  https://wso2.com <https://wso2.com>*
>>>>>>>>> <https://wso2.com/signature>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>> (m) +94 777 775 729 | (e) nuwand@wso2.com
>>>>>>>> [image: Signature.jpg]
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>


-- 
Nadeesha Gamage
Senior Lead Solutions Engineer
T : +94 77 394 5706
B : https://nadeesha678.wordpress.com/
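
Added example, not part of the original message and not WSO2 Microgateway code: a sketch of the gateway-side decision discussed in this thread, where a token with no "SubscribedAPIs" claim falls back to a default limit while a token that carries the claim (even an empty one) is allowed only on a match. The HS256 signing, the entry fields `name`/`version`/`subscriptionTier`, the `require_subscription` switch and the tier names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

CLAIM = "SubscribedAPIs"        # claim name as written in the thread
DEFAULT_TIER = "Default"        # assumed name for the gateway's fallback limit
KEY = b"constructed-demo-key"   # constructed key, used for the sample tokens only


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(claims, key=KEY):
    """Build an HS256 JWT; stands in for the trusted STS (sample input only)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"


def verify(token, key=KEY, now=None):
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError):
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None
    return claims


def authorize(token, api, version, require_subscription=False, key=KEY, now=None):
    """Return (decision, detail) for one API call.

    require_subscription is a hypothetical per-API switch of the kind the
    thread asks for; it is not a documented Microgateway option.
    """
    claims = verify(token, key, now)
    if claims is None:
        return ("deny", "invalid token")
    if CLAIM not in claims:
        # Token from an STS that knows nothing about subscriptions.
        if require_subscription:
            return ("deny", "subscription claim required")
        return ("allow", DEFAULT_TIER)
    subs = claims[CLAIM]
    if not isinstance(subs, list):
        return ("deny", "malformed subscription claim")
    # Claim present: honour it strictly, so an empty list matches nothing.
    for entry in subs:
        if (isinstance(entry, dict) and entry.get("name") == api
                and entry.get("version") == version):
            return ("allow", entry.get("subscriptionTier", DEFAULT_TIER))
    return ("deny", "not subscribed")


def demo():
    """Run the thread's cases against constructed tokens (clock fixed at 1000)."""
    base = {"sub": "userA", "exp": 2000}
    gold = {"name": "xyz", "version": "1.0", "subscriptionTier": "Gold"}
    tokens = {
        "third_party_no_claim": sign(base),
        "store_empty_claim": sign({**base, CLAIM: []}),
        "store_subscribed": sign({**base, CLAIM: [gold]}),
        "expired": sign({"sub": "userA", "exp": 500}),
    }
    return {name: authorize(tok, "xyz", "1.0", now=1000)
            for name, tok in tokens.items()}


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```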

[Attachment #7 (text/html)]

<div dir="ltr">Hi Nuwan,<div>Please find my response below</div><br><div \
class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at 6:00 PM Nuwan Dias &lt;<a \
href="mailto:nuwand@wso2.com">nuwand@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><br><br><div class="gmail_quote"><div \
dir="ltr">On Tue, Nov 27, 2018 at 4:37 PM Nadeesha Gamage &lt;<a \
href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Nuwan,<div>My \
concern is based on the following two \
scenarios</div><div><b><br></b></div><div><b>Scenario 1 (for \
security)</b></div><div>- An API Publisher publish the API &quot;xyz&quot; to which \
the visibility is restricted only to a given set of roles. The API would be deployed \
on MG.</div><div>- User A would not be in the correct role to see the \
&quot;xyz&quot;API (in API store), but has general access to the store and other APIs \
available. User A can now generated a JWT that is trusted by MG.  </div><div>- User A \
simply generates a token without any APIs subscribed under the application so that \
JWT would have an empty claim under &quot;SubscribedAPIs&quot;</div><div>- User A \
gets hold of the url of API &quot;xyz&quot; and would now be able to invoke the API \
even though he has no subscription or visibility to that particular \
API.</div><div><br></div></div></blockquote><div>If you want to restrict the access \
to an API, restricting it just by subscriptions is not sufficient. This is why there \
are scopes to be able to protect resources of API at the runtime. Things like scopes \
are supported on the API definition itself and therefore these are applied on the API \
runtime irrespective of the subscriptions.</div></div></div></blockquote><div>ack, \
shouldnt we provide atleast a message to let the publishers know that subscription \
tiers may not be enforced on requests that comes via the MG.</div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div \
dir="ltr"><div></div><div><br></div><div><br></div><div><b>Scenario 2 (for \
throttling)</b></div><div>- An API Publisher wants to control access to an API based \
on different HTTP verbs, resources or even based on different roles.</div><div>- Even \
after enforcing these limits at different levels (via the publisher) a subscriber who \
has a valid JWT generated from the store can still access the API without been \
confined to App, API or resource level throttling limits set by the \
publisher.</div></div></blockquote><div><br></div><div>What you are describing here \
are API level rate limiting options. Which are again supported irrespective of \
subscriptions. The only rate limit dependent on the subscription is the subscription \
tier.</div></div></div></blockquote><div>ack  </div><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div \
dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 \
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div \
dir="ltr"><div><br></div><div>Nadeesha</div><div><br></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at 2:56 PM Nuwan Dias &lt;<a \
href="mailto:nuwand@wso2.com" target="_blank">nuwand@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It doesn&#39;t by \
pass the security Nadeesha. You are mandated to send a valid security token to the \
Gateway, without which you cannot access any secured \
resources.<div><br></div><div>The only thing you get with a subscription is the rate \
at which you are allowed to access an API. In the default behavior of the product we \
default that rate limit to a certain limit which is lower than all other defaults. If \
someone is not ok with that limit, then can further reduce or increase \
it.</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at \
10:16 AM Nadeesha Gamage &lt;<a href="mailto:nadeesha@wso2.com" \
target="_blank">nadeesha@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi Nuwan,<div>In my option API Microgateway \
should honor the throttling limits and access limitations set by the API Manager \
product irrespective of the fact that we are planning to make it interoperable with \
3rd party products and open standards. If we allow any request that has a valid JWT \
to access APIs in the micro gateway then there should be an option for API \
creators/publishers to consent this behaviour for their APIs. Otherwise we are \
creating a back channel to bypass the security and throttling (which API \
creator/publisher enforces through the API \
Publisher).</div><div><br></div><div><br></div><div>Nadeesha</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 at 6:16 PM Harsha Kumara \
&lt;<a href="mailto:harshak@wso2.com" target="_blank">harshak@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br></div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 at 5:27 AM Nuwan Dias &lt;<a \
href="mailto:nuwand@wso2.com" target="_blank">nuwand@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br></div><div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, 18 Nov 2018 at 9:48 am, Nadeesha Gamage \
&lt;<a href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi \
Nuwan,<div><br></div><br><div class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 \
at 5:43 AM Nuwan Dias &lt;<a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div><div dir="auto">In the Microgateway the concept of a \
subscription is optional. This is because the Microgateway is designed as an \
independent gateway that can run with or without a full API Management system in \
place. Therefore as long as the Microgateway receives a valid JWT it trusts, it \
allows the request to pass through. If the JWT contains details of a subscription it \
will honour it, otherwise it will default to predefined limits for other \
policies.</div></div><div dir="auto"><br></div><div dir="auto">The idea of micro-* \
products is to provide developer first experiences for better agility. Hence the \
motivation for decoupling the gateway runtime as much as possible from the API \
Management. This way developers can use the MG with a token obtained from any sts \
that is trusted by the MG (IS, Okta, Ping, \
etc).</div></blockquote><div><br></div><div>I strongly feel that this should be \
provided as an option   when publishing the API, because we allow a creator/publisher \
to set throttling limits and define what token types should be accepted and the MG \
does not honor any of that. Based on the current MG behaviour I feel our story on API \
Management is broken and both standard GW and MG cannot co-exist with this behaviour. \
</div></div></div></blockquote><div dir="auto"><br></div><div dir="auto"><div \
dir="auto"><div dir="auto">Also note that the next release of the Microgateway will \
not even require an API Management system at all. You can simply create a \
Microgateway runtime from a swagger file and run it in isolation. So the concept of \
publishing doesn't even come into the picture.</div></div><div \
dir="auto"><br></div><div dir="auto">We are moving away from the Center of excellence \
mode of operations. And unless there is any logical reasoning to do so we won't be \
thinking that the regular gateway and Microgateway should have consistent \
behaviour.</div><div dir="auto"><br></div><div dir="auto">BTW, we are discussing this \
on a completely wrong thread. We should discuss this in \
public.</div></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div \
class="gmail_quote"><div><br></div><div><br></div><div><a class="gmail_plusreply" \
id="m_-7394458216237717686m_-5523122197361059455m_8563774696016379424m_782145651820759 \
727m_-7861540490837422750m_-8024212392962994252m_8817918219989236196m_-170533031027255165plusReplyChip-0" \
href="mailto:nuwan@wso2.com" target="_blank">@Nuwan Bandara</a>   what your \
thoughts?<br></div></div></div><div dir="ltr"><div \
class="gmail_quote"><div><br></div><blockquote class="gmail_quote" style="margin:0 0 \
0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, 18 Nov 2018 at 1:01 am, Nalaka Senarathna \
&lt;<a href="mailto:nalakas@wso2.com" target="_blank">nalakas@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">HI \
All,<div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">From \
APIM 2.6 onwards we have introduced a feature to invoke an API with a valid JWT and \
this doesn't need to have subscription details. The idea here is that users can use \
any valid jwt and we only check the signature verification.  </div><div \
dir="auto"><br></div><div dir="auto">But if the JWT contains the subscription info \
then we should verify and only allow if it matches.</div><div \
dir="auto"><br></div><div dir="auto">@Nalaka: \
thoughts?</div></blockquote><div>Correct pubudu.</div><div><br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">IMO this needs to be fixed, if we want to allow \
access to APIs for users with a valid JWT (even though they dont have a valid \
subscription) then that should be something that should be configured at an API \
level.<br></blockquote><div>So far we build the micro-gateway distribution for API \
for already published API in APIM. The reason behind to made this feature is to build \
the micro-gateway  distribution directly from the swagger definition. In this point, \
we can&#39;t configure from API level.</div><div><br></div><div>[1]<span \
style="color:rgb(69,69,69);font-family:&quot;Helvetica \
Neue&quot;;font-size:12px">Skipping subscription in micro-gateway to allow access to \
valid JWT</span></div>





<div><br></div><div>Thanks. Regards</div><div><br></div></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 11:16 PM Nadeesha Gamage \
&lt;<a href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi all,<div>At the \
moment the behaviour is flowed and here is why</div><div>1. Anyone who has access to \
the store can access any API exposed via MG without a valid \
subscription.</div><div>2. Given that subscriptions are not honored there is no way \
of throttling APIs.<br></div><div><br></div><div>IMO this needs to be fixed, if we \
want to allow access to APIs for users with a valid JWT (even though they dont have a \
valid subscription) then that should be something that should be configured at an API \
level.  </div><div><br></div><div>Nadeesha</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 10:51 AM Harsha Kumara \
&lt;<a href="mailto:harshak@wso2.com" target="_blank">harshak@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 12:12 AM Rajith Roshan \
&lt;<a href="mailto:rajithr@wso2.com" target="_blank">rajithr@wso2.com</a>&gt; \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hi Harsha,<div \
dir="auto">The idea behind is allow to access apis exposed via micro gw if user has a \
valid token from a trusted STS. Make subscription validation configurable in micro gw \
is something we can do. But that will not allow apis to be invoked from a third party \
key manager. Then thers should be set of micro gws with subscription validation and \
set without subscription validation. This will make deployment kind of complex. \
Wdyt</div></div></blockquote><div>How about sending empty claim if there is no \
subscription? So we can make sure that person who use store subscriptions can&#39;t \
use APIs unless they subscribed?   </div><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br><div \
class="gmail_quote"><div dir="ltr">On Sat, 17 Nov 2018, 10:31 Harsha Kumara &lt;<a \
href="mailto:harshak@wso2.com" target="_blank">harshak@wso2.com</a> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">But it should be \
enabled separately. How we can enforce person who comes to store should need valid \
subscription to invoke a API?</div><br><div class="gmail_quote"><div dir="ltr">On \
Fri, Nov 16, 2018 at 11:35 PM Pubudu Gunatilaka &lt;<a href="mailto:pubudug@wso2.com" \
rel="noreferrer" target="_blank">pubudug@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div><div dir="auto">Hi,</div></div><div \
dir="auto"><br></div><div dir="auto">From APIM 2.6 onwards we have introduced a \
feature to invoke an API with a valid JWT and this doesn't need to have subscription \
details. The idea here is that users can use any valid jwt and we only check the \
signature verification.  </div><div dir="auto"><br></div><div dir="auto">But if the \
JWT contains the subscription info then we should verify and only allow if it \
matches.</div><div dir="auto"><br></div><div dir="auto">@Nalaka: thoughts?</div><div \
dir="auto"><br></div><div dir="auto">Thank you!</div><div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 3:11 AM Harsha Kumara \
&lt;<a href="mailto:harshak@wso2.com" rel="noreferrer" \
target="_blank">harshak@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">If you create a JWT and then if it allowed to \
invoke APIs which subscribed aftrwards then it&#39;s a bug. We should fix \
it.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Nov 16, 2018 at 3:23 PM \
Nadeesha Gamage &lt;<a href="mailto:nadeesha@wso2.com" rel="noreferrer" \
target="_blank">nadeesha@wso2.com</a>&gt; wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div dir="ltr">Hi team,<div>MG is allowing requests to go \
through even if the application associated with the JWT doesnt have a subscription to \
the API. Please find the screenshots below. Is this by design or is this a \
bug?</div><div><br></div><div>[image: image.png]</div><div>[image: image.png]</div></div>
 </blockquote></div>
</blockquote></div></div>
 </blockquote></div>
</blockquote></div> </blockquote></div></div>
</blockquote></div>
 </blockquote></div>
 </blockquote></div></div>
 </blockquote></div></div>
 </blockquote></div></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>
 </blockquote></div></div>
</blockquote></div></div>


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

