[prev in list] [next in list] [prev in thread] [next in thread]
List: wsf-javascript-dev
Subject: Re: [Dev] [API M] Micro Gateway 2.6 allows requests to go through with a JWT that doesnt have any su
From: Harsha Kumara <harshak () wso2 ! com>
Date: 2019-08-19 2:56:04
Message-ID: CAF1mz2DE2rxgHKjkkHzeZTe=NrcW_VYszjnVzrqSc2Oes5U7Hg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/related)]
[Attachment #4 (multipart/alternative)]
On Wed, Nov 28, 2018 at 10:59 AM Nadeesha Gamage <nadeesha@wso2.com> wrote:
> Hi Nuwan,
> Please find my response below
>
> On Tue, Nov 27, 2018 at 6:00 PM Nuwan Dias <nuwand@wso2.com> wrote:
>
>>
>>
>> On Tue, Nov 27, 2018 at 4:37 PM Nadeesha Gamage <nadeesha@wso2.com>
>> wrote:
>>
>>> Hi Nuwan,
>>> My concern is based on the following two scenarios
>>>
>>> *Scenario 1 (for security)*
>>> - An API Publisher publish the API "xyz" to which the visibility is
>>> restricted only to a given set of roles. The API would be deployed on MG.
>>> - User A would not be in the correct role to see the "xyz"API (in API
>>> store), but has general access to the store and other APIs available. User
>>> A can now generated a JWT that is trusted by MG.
>>> - User A simply generates a token without any APIs subscribed under the
>>> application so that JWT would have an empty claim under "SubscribedAPIs"
>>> - User A gets hold of the url of API "xyz" and would now be able to
>>> invoke the API even though he has no subscription or visibility to that
>>> particular API.
>>>
>>> If you want to restrict the access to an API, restricting it just by
>> subscriptions is not sufficient. This is why there are scopes to be able to
>> protect resources of API at the runtime. Things like scopes are supported
>> on the API definition itself and therefore these are applied on the API
>> runtime irrespective of the subscriptions.
>>
> ack, shouldnt we provide atleast a message to let the publishers know that
> subscription tiers may not be enforced on requests that comes via the MG.
>
>>
>>>
>>> *Scenario 2 (for throttling)*
>>> - An API Publisher wants to control access to an API based on different
>>> HTTP verbs, resources or even based on different roles.
>>> - Even after enforcing these limits at different levels (via the
>>> publisher) a subscriber who has a valid JWT generated from the store can
>>> still access the API without been confined to App, API or resource level
>>> throttling limits set by the publisher.
>>>
>>
>> What you are describing here are API level rate limiting options. Which
>> are again supported irrespective of subscriptions. The only rate limit
>> dependent on the subscription is the subscription tier.
>>
> ack
>
>>
>>> Nadeesha
>>>
>>>
>>> On Tue, Nov 27, 2018 at 2:56 PM Nuwan Dias <nuwand@wso2.com> wrote:
>>>
>>>> It doesn't by pass the security Nadeesha. You are mandated to send a
>>>> valid security token to the Gateway, without which you cannot access any
>>>> secured resources.
>>>>
>>>> The only thing you get with a subscription is the rate at which you are
>>>> allowed to access an API. In the default behavior of the product we default
>>>> that rate limit to a certain limit which is lower than all other defaults.
>>>> If someone is not ok with that limit, then can further reduce or increase
>>>> it.
>>>>
>>>> On Tue, Nov 27, 2018 at 10:16 AM Nadeesha Gamage <nadeesha@wso2.com>
>>>> wrote:
>>>>
>>>>> Hi Nuwan,
>>>>> In my option API Microgateway should honor the throttling limits and
>>>>> access limitations set by the API Manager product irrespective of the fact
>>>>> that we are planning to make it interoperable with 3rd party products and
>>>>> open standards. If we allow any request that has a valid JWT to access APIs
>>>>> in the micro gateway then there should be an option for API
>>>>> creators/publishers to consent this behaviour for their APIs. Otherwise we
>>>>> are creating a back channel to bypass the security and throttling (which
>>>>> API creator/publisher enforces through the API Publisher).
>>>>>
>>>>>
>>>>> Nadeesha
>>>>>
>>>>> On Sun, Nov 18, 2018 at 6:16 PM Harsha Kumara <harshak@wso2.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Nov 18, 2018 at 5:27 AM Nuwan Dias <nuwand@wso2.com> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sun, 18 Nov 2018 at 9:48 am, Nadeesha Gamage <nadeesha@wso2.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Nuwan,
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sun, Nov 18, 2018 at 5:43 AM Nuwan Dias <nuwand@wso2.com> wrote:
>>>>>>>>
>>>>>>>>> In the Microgateway the concept of a subscription is optional.
>>>>>>>>> This is because the Microgateway is designed as an independent gateway that
>>>>>>>>> can run with or without a full API Management system in place. Therefore as
>>>>>>>>> long as the Microgateway receives a valid JWT it trusts, it allows the
>>>>>>>>> request to pass through. If the JWT contains details of a subscription it
>>>>>>>>> will honour it, otherwise it will default to predefined limits for other
>>>>>>>>> policies.
>>>>>>>>>
>>>>>>>>> The idea of micro-* products is to provide developer first
>>>>>>>>> experiences for better agility. Hence the motivation for decoupling the
>>>>>>>>> gateway runtime as much as possible from the API Management. This way
>>>>>>>>> developers can use the MG with a token obtained from any sts that is
>>>>>>>>> trusted by the MG (IS, Okta, Ping, etc).
>>>>>>>>>
>>>>>>>>
>>>>>>>> I strongly feel that this should be provided as an option when
>>>>>>>> publishing the API, because we allow a creator/publisher to set throttling
>>>>>>>> limits and define what token types should be accepted and the MG does not
>>>>>>>> honor any of that. Based on the current MG behaviour I feel our story on
>>>>>>>> API Management is broken and both standard GW and MG cannot co-exist with
>>>>>>>> this behaviour.
>>>>>>>>
>>>>>>>
>>>>>>> Also note that the next release of the Microgateway will not even
>>>>>>> require an API Management system at all. You can simply create a
>>>>>>> Microgateway runtime from a swagger file and run it in isolation. So the
>>>>>>> concept of publishing doesn't even come into the picture.
>>>>>>>
>>>>>>> We are moving away from the Center of excellence mode of operations.
>>>>>>> And unless there is any logical reasoning to do so we won't be thinking
>>>>>>> that the regular gateway and Microgateway should have consistent behaviour.
>>>>>>>
>>>>>>> BTW, we are discussing this on a completely wrong thread. We should
>>>>>>> discuss this in public.
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> @Nuwan Bandara <nuwan@wso2.com> what your thoughts?
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Sun, 18 Nov 2018 at 1:01 am, Nalaka Senarathna <
>>>>>>>>> nalakas@wso2.com> wrote:
>>>>>>>>>
>>>>>>>>>> HI All,
>>>>>>>>>>
>>>>>>>>>>> From APIM 2.6 onwards we have introduced a feature to invoke an
>>>>>>>>>>> API with a valid JWT and this doesn't need to have subscription details.
>>>>>>>>>>> The idea here is that users can use any valid jwt and we only check the
>>>>>>>>>>> signature verification.
>>>>>>>>>>>
>>>>>>>>>>> But if the JWT contains the subscription info then we should
>>>>>>>>>>> verify and only allow if it matches.
>>>>>>>>>>>
>>>>>>>>>>> @Nalaka: thoughts?
>>>>>>>>>>>
>>>>>>>>>> Correct pubudu.
>>>>>>>>>>
>>>>>>>>>> IMO this needs to be fixed, if we want to allow access to APIs
>>>>>>>>>>> for users with a valid JWT (even though they dont have a valid
>>>>>>>>>>> subscription) then that should be something that should be configured at an
>>>>>>>>>>> API level.
>>>>>>>>>>>
>>>>>>>>>> So far we build the micro-gateway distribution for API for
>>>>>>>>>> already published API in APIM. The reason behind to made this feature is to
>>>>>>>>>> build the micro-gateway distribution directly from the swagger definition.
>>>>>>>>>> In this point, we can't configure from API level.
>>>>>>>>>>
>>>>>>>>>> [1]Skipping subscription in micro-gateway to allow access to
>>>>>>>>>> valid JWT
>>>>>>>>>>
>>>>>>>>>> Thanks. Regards
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Sat, Nov 17, 2018 at 11:16 PM Nadeesha Gamage <
>>>>>>>>>> nadeesha@wso2.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi all,
>>>>>>>>>>> At the moment the behaviour is flowed and here is why
>>>>>>>>>>> 1. Anyone who has access to the store can access any API exposed
>>>>>>>>>>> via MG without a valid subscription.
>>>>>>>>>>> 2. Given that subscriptions are not honored there is no way of
>>>>>>>>>>> throttling APIs.
>>>>>>>>>>>
>>>>>>>>>>> IMO this needs to be fixed, if we want to allow access to APIs
>>>>>>>>>>> for users with a valid JWT (even though they dont have a valid
>>>>>>>>>>> subscription) then that should be something that should be configured at an
>>>>>>>>>>> API level.
>>>>>>>>>>>
>>>>>>>>>>> Nadeesha
>>>>>>>>>>>
>>>>>>>>>>> On Sat, Nov 17, 2018 at 10:51 AM Harsha Kumara <harshak@wso2.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Sat, Nov 17, 2018 at 12:12 AM Rajith Roshan <
>>>>>>>>>>>> rajithr@wso2.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hi Harsha,
>>>>>>>>>>>>> The idea behind is allow to access apis exposed via micro gw
>>>>>>>>>>>>> if user has a valid token from a trusted STS. Make subscription validation
>>>>>>>>>>>>> configurable in micro gw is something we can do. But that will not allow
>>>>>>>>>>>>> apis to be invoked from a third party key manager. Then thers should be set
>>>>>>>>>>>>> of micro gws with subscription validation and set without subscription
>>>>>>>>>>>>> validation. This will make deployment kind of complex. Wdyt
>>>>>>>>>>>>>
>>>>>>>>>>>> How about sending empty claim if there is no subscription? So
>>>>>>>>>>>> we can make sure that person who use store subscriptions can't use APIs
>>>>>>>>>>>> unless they subscribed?
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Sat, 17 Nov 2018, 10:31 Harsha Kumara <harshak@wso2.com
>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> But it should be enabled separately. How we can enforce
>>>>>>>>>>>>>> person who comes to store should need valid subscription to invoke a API?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Fri, Nov 16, 2018 at 11:35 PM Pubudu Gunatilaka <
>>>>>>>>>>>>>> pubudug@wso2.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> From APIM 2.6 onwards we have introduced a feature to invoke
>>>>>>>>>>>>>>> an API with a valid JWT and this doesn't need to have subscription details.
>>>>>>>>>>>>>>> The idea here is that users can use any valid jwt and we only check the
>>>>>>>>>>>>>>> signature verification.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> But if the JWT contains the subscription info then we should
>>>>>>>>>>>>>>> verify and only allow if it matches.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> @Nalaka: thoughts?
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thank you!
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Sat, Nov 17, 2018 at 3:11 AM Harsha Kumara <
>>>>>>>>>>>>>>> harshak@wso2.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> If you create a JWT and then if it allowed to invoke APIs
>>>>>>>>>>>>>>>> which subscribed aftrwards then it's a bug. We should fix it.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Fri, Nov 16, 2018 at 3:23 PM Nadeesha Gamage <
>>>>>>>>>>>>>>>> nadeesha@wso2.com> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi team,
>>>>>>>>>>>>>>>>> MG is allowing requests to go through even if the
>>>>>>>>>>>>>>>>> application associated with the JWT doesnt have a subscription to the API.
>>>>>>>>>>>>>>>>> Please find the screenshots below. Is this by design or is this a bug?
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [image: image.png]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> [image: image.png]
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> Nadeesha Gamage
>>>>>>>>>>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>>>>>>>>>>> T : +94 77 394 5706
>>>>>>>>>>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>>>>>>> Email: harshak@wso2.coim
>>>>>>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>> *Pubudu Gunatilaka*
>>>>>>>>>>>>>>> Committer and PMC Member - Apache Stratos
>>>>>>>>>>>>>>> Associate Technical Lead
>>>>>>>>>>>>>>> WSO2, Inc.: http://wso2.com
>>>>>>>>>>>>>>> mobile : +94774078049 <%2B94772207163>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>>>>> Email: harshak@wso2.coim
>>>>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>>
>>>>>>>>>>>> *Harsha Kumara*
>>>>>>>>>>>>
>>>>>>>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>>>>>>>> Mobile: +94775505618
>>>>>>>>>>>> Email: harshak@wso2.coim
>>>>>>>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>>>>>>>
>>>>>>>>>>>> GET INTEGRATION AGILE
>>>>>>>>>>>> Integration Agility for Digitally Driven Business
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Nadeesha Gamage
>>>>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>>>>> T : +94 77 394 5706
>>>>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> *Nalaka Senarathna*
>>>>>>>>>> *Associate Software Engineer | WSO2*
>>>>>>>>>>
>>>>>>>>>> *Email : nalakas@wso2.com <nalakas@wso2.com>*
>>>>>>>>>> *Mobile : +94714118474*
>>>>>>>>>> *web : https://wso2.com <https://wso2.com>*
>>>>>>>>>> <https://wso2.com/signature>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>>>> (m) +94 777 775 729 | (e) nuwand@wso2.com
>>>>>>>>> [image: Signature.jpg]
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Nadeesha Gamage
>>>>>>>> Senior Lead Solutions Engineer
>>>>>>>> T : +94 77 394 5706
>>>>>>>> B : https://nadeesha678.wordpress.com/
>>>>>>>>
>>>>>>> --
>>>>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>>>>> (m) +94 777 775 729 | (e) nuwand@wso2.com
>>>>>>> [image: Signature.jpg]
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Harsha Kumara*
>>>>>>
>>>>>> Associate Technical Lead, WSO2 Inc.
>>>>>> Mobile: +94775505618
>>>>>> Email: harshak@wso2.coim
>>>>>> Blog: harshcreationz.blogspot.com
>>>>>>
>>>>>> GET INTEGRATION AGILE
>>>>>> Integration Agility for Digitally Driven Business
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Nadeesha Gamage
>>>>> Senior Lead Solutions Engineer
>>>>> T : +94 77 394 5706
>>>>> B : https://nadeesha678.wordpress.com/
>>>>>
>>>>
>>>>
>>>> --
>>>> *Nuwan Dias* | Director | WSO2 Inc.
>>>> (m) +94 777 775 729 | (e) nuwand@wso2.com
>>>> [image: Signature.jpg]
>>>>
>>>
>>>
>>> --
>>> Nadeesha Gamage
>>> Senior Lead Solutions Engineer
>>> T : +94 77 394 5706
>>> B : https://nadeesha678.wordpress.com/
>>>
>>
>>
>> --
>> *Nuwan Dias* | Director | WSO2 Inc.
>> (m) +94 777 775 729 | (e) nuwand@wso2.com
>> [image: Signature.jpg]
>>
>
>
> --
> Nadeesha Gamage
> Senior Lead Solutions Engineer
> T : +94 77 394 5706
> B : https://nadeesha678.wordpress.com/
>
--
*Harsha Kumara*
Technical Lead, WSO2 Inc.
Mobile: +94775505618
Email: harshak@wso2.coim
Blog: harshcreationz.blogspot.com
GET INTEGRATION AGILE
Integration Agility for Digitally Driven Business
[Attachment #7 (text/html)]
<div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" \
class="gmail_attr">On Wed, Nov 28, 2018 at 10:59 AM Nadeesha Gamage <<a \
href="mailto:nadeesha@wso2.com">nadeesha@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Nuwan,<div>Please find my \
response below</div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 \
at 6:00 PM Nuwan Dias <<a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><br><div \
class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at 4:37 PM Nadeesha Gamage \
<<a href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi \
Nuwan,<div>My concern is based on the following two \
scenarios</div><div><b><br></b></div><div><b>Scenario 1 (for \
security)</b></div><div>- An API Publisher publish the API "xyz" to which \
the visibility is restricted only to a given set of roles. The API would be deployed \
on MG.</div><div>- User A would not be in the correct role to see the \
"xyz"API (in API store), but has general access to the store and other APIs \
available. User A can now generated a JWT that is trusted by MG. </div><div>- User A \
simply generates a token without any APIs subscribed under the application so that \
JWT would have an empty claim under "SubscribedAPIs"</div><div>- User A \
gets hold of the url of API "xyz" and would now be able to invoke the API \
even though he has no subscription or visibility to that particular \
API.</div><div><br></div></div></blockquote><div>If you want to restrict the access \
to an API, restricting it just by subscriptions is not sufficient. This is why there \
are scopes to be able to protect resources of API at the runtime. Things like scopes \
are supported on the API definition itself and therefore these are applied on the API \
runtime irrespective of the subscriptions.</div></div></div></blockquote><div>ack, \
shouldnt we provide atleast a message to let the publishers know that subscription \
tiers may not be enforced on requests that comes via the MG.</div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div \
class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div></div><div><br></div><div><br></div><div><b>Scenario 2 (for \
throttling)</b></div><div>- An API Publisher wants to control access to an API based \
on different HTTP verbs, resources or even based on different roles.</div><div>- Even \
after enforcing these limits at different levels (via the publisher) a subscriber who \
has a valid JWT generated from the store can still access the API without been \
confined to App, API or resource level throttling limits set by the \
publisher.</div></div></blockquote><div><br></div><div>What you are describing here \
are API level rate limiting options. Which are again supported irrespective of \
subscriptions. The only rate limit dependent on the subscription is the subscription \
tier.</div></div></div></blockquote><div>ack </div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div \
class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><div><br></div><div>Nadeesha</div><div><br></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at 2:56 PM Nuwan Dias <<a \
href="mailto:nuwand@wso2.com" target="_blank">nuwand@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">It \
doesn't by pass the security Nadeesha. You are mandated to send a valid security \
token to the Gateway, without which you cannot access any secured \
resources.<div><br></div><div>The only thing you get with a subscription is the rate \
at which you are allowed to access an API. In the default behavior of the product we \
default that rate limit to a certain limit which is lower than all other defaults. If \
someone is not ok with that limit, then can further reduce or increase \
it.</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 27, 2018 at \
10:16 AM Nadeesha Gamage <<a href="mailto:nadeesha@wso2.com" \
target="_blank">nadeesha@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Nuwan,<div>In my option API \
Microgateway should honor the throttling limits and access limitations set by the API \
Manager product irrespective of the fact that we are planning to make it \
interoperable with 3rd party products and open standards. If we allow any request \
that has a valid JWT to access APIs in the micro gateway then there should be an \
option for API creators/publishers to consent this behaviour for their APIs. \
Otherwise we are creating a back channel to bypass the security and throttling (which \
API creator/publisher enforces through the API \
Publisher).</div><div><br></div><div><br></div><div>Nadeesha</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 at 6:16 PM Harsha Kumara \
<<a href="mailto:harshak@wso2.com" target="_blank">harshak@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 \
at 5:27 AM Nuwan Dias <<a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div><br></div><div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, 18 Nov 2018 at 9:48 am, Nadeesha Gamage \
<<a href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi \
Nuwan,<div><br></div><br><div class="gmail_quote"><div dir="ltr">On Sun, Nov 18, 2018 \
at 5:43 AM Nuwan Dias <<a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div><div dir="auto">In the Microgateway the \
concept of a subscription is optional. This is because the Microgateway is designed \
as an independent gateway that can run with or without a full API Management system \
in place. Therefore as long as the Microgateway receives a valid JWT it trusts, it \
allows the request to pass through. If the JWT contains details of a subscription it \
will honour it, otherwise it will default to predefined limits for other \
policies.</div></div><div dir="auto"><br></div><div dir="auto">The idea of micro-* \
products is to provide developer first experiences for better agility. Hence the \
motivation for decoupling the gateway runtime as much as possible from the API \
Management. This way developers can use the MG with a token obtained from any sts \
that is trusted by the MG (IS, Okta, Ping, \
etc).</div></blockquote><div><br></div><div>I strongly feel that this should be \
provided as an option when publishing the API, because we allow a creator/publisher \
to set throttling limits and define what token types should be accepted and the MG \
does not honor any of that. Based on the current MG behaviour I feel our story on API \
Management is broken and both standard GW and MG cannot co-exist with this behaviour. \
</div></div></div></blockquote><div dir="auto"><br></div><div dir="auto"><div \
dir="auto"><div dir="auto">Also note that the next release of the Microgateway will \
not even require an API Management system at all. You can simply create a \
Microgateway runtime from a swagger file and run it in isolation. So the concept of \
publishing doesn't even come into the picture.</div></div><div \
dir="auto"><br></div><div dir="auto">We are moving away from the Center of excellence \
mode of operations. And unless there is any logical reasoning to do so we won't be \
thinking that the regular gateway and Microgateway should have consistent \
behaviour.</div><div dir="auto"><br></div><div dir="auto">BTW, we are discussing this \
on a completely wrong thread. We should discuss this in \
public.</div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div \
class="gmail_quote"><div><br></div><div><br></div><div><a class="gmail_plusreply" \
id="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637746 \
96016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_8817918219989236196m_-170533031027255165plusReplyChip-0" \
href="mailto:nuwan@wso2.com" target="_blank">@Nuwan Bandara</a> what your \
thoughts?<br></div></div></div><div dir="ltr"><div \
class="gmail_quote"><div><br></div><blockquote class="gmail_quote" style="margin:0px \
0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><br><div \
class="gmail_quote"><div dir="ltr">On Sun, 18 Nov 2018 at 1:01 am, Nalaka Senarathna \
<<a href="mailto:nalakas@wso2.com" target="_blank">nalakas@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">HI \
All,<div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">From \
APIM 2.6 onwards we have introduced a feature to invoke an API with a valid JWT and \
this doesn't need to have subscription details. The idea here is that users can use \
any valid jwt and we only check the signature verification. </div><div \
dir="auto"><br></div><div dir="auto">But if the JWT contains the subscription info \
then we should verify and only allow if it matches.</div><div \
dir="auto"><br></div><div dir="auto">@Nalaka: \
thoughts?</div></blockquote><div>Correct pubudu.</div><div><br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex">IMO this needs to be fixed, if we want to allow \
access to APIs for users with a valid JWT (even though they dont have a valid \
subscription) then that should be something that should be configured at an API \
level.<br></blockquote><div>So far we build the micro-gateway distribution for API \
for already published API in APIM. The reason behind to made this feature is to build \
the micro-gateway distribution directly from the swagger definition. In this point, \
we can't configure from API level.</div><div><br></div><div>[1]<span \
style="color:rgb(69,69,69);font-family:"Helvetica \
Neue";font-size:12px">Skipping subscription in micro-gateway to allow access to \
valid JWT</span></div>
<div><br></div><div>Thanks. Regards</div><div><br></div></div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 11:16 PM Nadeesha Gamage \
<<a href="mailto:nadeesha@wso2.com" target="_blank">nadeesha@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi \
all,<div>At the moment the behaviour is flowed and here is why</div><div>1. Anyone \
who has access to the store can access any API exposed via MG without a valid \
subscription.</div><div>2. Given that subscriptions are not honored there is no way \
of throttling APIs.<br></div><div><br></div><div>IMO this needs to be fixed, if we \
want to allow access to APIs for users with a valid JWT (even though they dont have a \
valid subscription) then that should be something that should be configured at an API \
level. </div><div><br></div><div>Nadeesha</div></div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 10:51 AM Harsha Kumara \
<<a href="mailto:harshak@wso2.com" target="_blank">harshak@wso2.com</a>> \
wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px \
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div \
dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at \
12:12 AM Rajith Roshan <<a href="mailto:rajithr@wso2.com" \
target="_blank">rajithr@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi Harsha,<div dir="auto">The idea \
behind is allow to access apis exposed via micro gw if user has a valid token from a \
trusted STS. Make subscription validation configurable in micro gw is something we \
can do. But that will not allow apis to be invoked from a third party key manager. \
Then thers should be set of micro gws with subscription validation and set without \
subscription validation. This will make deployment kind of complex. \
Wdyt</div></div></blockquote><div>How about sending empty claim if there is no \
subscription? So we can make sure that person who use store subscriptions can't \
use APIs unless they subscribed? </div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><br><div class="gmail_quote"><div dir="ltr">On \
Sat, 17 Nov 2018, 10:31 Harsha Kumara <<a href="mailto:harshak@wso2.com" \
target="_blank">harshak@wso2.com</a> wrote:<br></div><blockquote class="gmail_quote" \
style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">But it should be enabled \
separately. How we can enforce person who comes to store should need valid \
subscription to invoke a API?</div><br><div class="gmail_quote"><div dir="ltr">On \
Fri, Nov 16, 2018 at 11:35 PM Pubudu Gunatilaka <<a href="mailto:pubudug@wso2.com" \
rel="noreferrer" target="_blank">pubudug@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div><div dir="auto">Hi,</div></div><div \
dir="auto"><br></div><div dir="auto">From APIM 2.6 onwards we have introduced a \
feature to invoke an API with a valid JWT and this doesn't need to have subscription \
details. The idea here is that users can use any valid jwt and we only check the \
signature verification. </div><div dir="auto"><br></div><div dir="auto">But if the \
JWT contains the subscription info then we should verify and only allow if it \
matches.</div><div dir="auto"><br></div><div dir="auto">@Nalaka: thoughts?</div><div \
dir="auto"><br></div><div dir="auto">Thank you!</div><div><br><div \
class="gmail_quote"><div dir="ltr">On Sat, Nov 17, 2018 at 3:11 AM Harsha Kumara \
<<a href="mailto:harshak@wso2.com" rel="noreferrer" \
target="_blank">harshak@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">If you create a JWT and then if it \
allowed to invoke APIs which subscribed aftrwards then it's a bug. We should fix \
it.</div><br><div class="gmail_quote"><div dir="ltr">On Fri, Nov 16, 2018 at 3:23 PM \
Nadeesha Gamage <<a href="mailto:nadeesha@wso2.com" rel="noreferrer" \
target="_blank">nadeesha@wso2.com</a>> wrote:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi team,<div>MG is allowing \
requests to go through even if the application associated with the JWT doesnt have a \
subscription to the API. Please find the screenshots below. Is this by design or is \
this a bug?</div><div><br></div><div><div><img \
src="https://mail.google.com/mail/u/0?ui=2&ik=f04c1f1c69&attid=0.4&permmsg \
id=msg-a:r-6953667307078040555&view=fimg&sz=s0-l75-ft&attbid=ANGjdJ-NWGuJR \
hTxURzlO1pnQeD69y8rlWSUy1cB8V02Dr0Sj0HxyKbQrMFgVabZLM0qyyaOTXNd0GN5cCTfA6sEmIO3S_Prf3ePu-fmj4YXJCh2y64UQjLsjWr_OFc&disp=emb&realattid=ii_jokgzeui0" \
alt="image.png" style="width: 667px; max-width: \
100%;"><br></div><div><br></div><div><div><img src="cid:ii_jlzchx6n1" alt="image.png" \
style="width: 667px; max-width: \
100%;"><br></div></div><div><br></div><div><br></div><div><div><br></div>-- <br><div \
dir="ltr" class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059 \
455m_8563774696016379424m_782145651820759727m_-7861540490837422750m_-80242123929629942 \
52m_8817918219989236196m_-170533031027255165m_-3850863669589702253m_131731088976691671 \
7m_-2729812107929074077m_-6336042448784824828m_-865467441741341975m_888179968040470388 \
9m_3997391788452834355m_4242926595161616509m_-7429562992032511693gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions \
Engineer<br>T : +94 77 394 5706<br></div></div><div>B : <a \
href="https://nadeesha678.wordpress.com/" rel="noreferrer" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_881791 \
8219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717m_-272981 \
2107929074077m_-6336042448784824828m_-865467441741341975m_8881799680404703889m_3997391788452834355m_4242926595161616509gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><b>Harsha \
Kumara<br></b></div><div><b><br></b></div>Associate Technical Lead, WSO2 \
Inc.<br></div>Mobile: +94775505618<br></div><div>Email: <a \
href="mailto:harshak@wso2.coim" rel="noreferrer" \
target="_blank">harshak@wso2.coim</a></div>Blog: <a \
href="http://harshcreationz.blogspot.com" rel="noreferrer" \
target="_blank">harshcreationz.blogspot.com</a><br></div></div><div \
dir="ltr"><br></div><div dir="ltr"><div>GET INTEGRATION AGILE</div><div>Integration \
Agility for Digitally Driven Business</div></div></div></div></div></div> \
</blockquote></div></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_881791 \
8219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717m_-272981 \
2107929074077m_-6336042448784824828m_-865467441741341975m_8881799680404703889m_3997391788452834355gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div dir="ltr"><font color="#888888"><span \
style="font-size:13px;background-color:rgb(255,255,255)"><span \
style="color:rgb(68,68,68)"><span style="background-color:rgb(255,255,255)"><font \
style="font-family:arial" face="arial, helvetica, sans-serif"><b>Pubudu \
Gunatilaka</b></font></span></span></span></font></div><div dir="ltr"><span \
style="color:rgb(153,153,153);font-size:x-small">Committer and PMC Member - Apache \
Stratos</span><br></div><div><font color="#888888"><span \
style="font-size:13px;background-color:rgb(255,255,255)"><div \
style="font-family:arial,sans-serif;color:rgb(51,51,51)"><div \
style="font-family:arial"><span style="border-collapse:collapse"><div \
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span \
style="color:rgb(153,153,153)"><font size="1">Associate Technical \
Lead</font></span></div><div \
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span \
style="color:rgb(153,153,153)"><font size="1">WSO2, Inc.:<a href="http://wso2.com" \
rel="noreferrer" target="_blank"> http://wso2.com</a></font></span></div><div \
style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><span \
style="color:rgb(153,153,153);font-size:x-small">mobile : </span><a \
href="tel:%2B94772207163" value="+94772207163" \
style="font-size:x-small;color:rgb(17,85,204)" rel="noreferrer" \
target="_blank">+94774078049</a></div><font face="arial, helvetica, sans-serif"><a \
value="+94718279777" rel="noreferrer"><span \
style="background-color:rgb(255,255,255)"><br></span></a></font></span></div></div></span></font></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_881791 \
8219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717m_-272981 \
2107929074077m_-6336042448784824828m_-865467441741341975m_8881799680404703889gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><b>Harsha \
Kumara<br></b></div><div><b><br></b></div>Associate Technical Lead, WSO2 \
Inc.<br></div>Mobile: +94775505618<br></div><div>Email: <a \
href="mailto:harshak@wso2.coim" rel="noreferrer" \
target="_blank">harshak@wso2.coim</a></div>Blog: <a \
href="http://harshcreationz.blogspot.com" rel="noreferrer" \
target="_blank">harshcreationz.blogspot.com</a><br></div></div><div \
dir="ltr"><br></div><div dir="ltr"><div>GET INTEGRATION AGILE</div><div>Integration \
Agility for Digitally Driven Business</div></div></div></div></div></div> \
</blockquote></div> </blockquote></div><br clear="all"><div><br></div>-- <br><div \
dir="ltr" class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059 \
455m_8563774696016379424m_782145651820759727m_-7861540490837422750m_-80242123929629942 \
52m_8817918219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717m_-2729812107929074077m_-6336042448784824828gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><b>Harsha \
Kumara<br></b></div><div><b><br></b></div>Associate Technical Lead, WSO2 \
Inc.<br></div>Mobile: +94775505618<br></div><div>Email: <a \
href="mailto:harshak@wso2.coim" target="_blank">harshak@wso2.coim</a></div>Blog: <a \
href="http://harshcreationz.blogspot.com" \
target="_blank">harshcreationz.blogspot.com</a><br></div></div><div \
dir="ltr"><br></div><div dir="ltr"><div>GET INTEGRATION AGILE</div><div>Integration \
Agility for Digitally Driven Business</div></div></div></div></div></div></div> \
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_881791 \
8219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717m_-2729812107929074077gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions \
Engineer<br>T : +94 77 394 5706<br></div></div><div>B : <a \
href="https://nadeesha678.wordpress.com/" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_881791 \
8219989236196m_-170533031027255165m_-3850863669589702253m_1317310889766916717gmail_signature"><div \
dir="ltr"><div><div><b style="font-size:12.8px">Nalaka Senarathna</b><br></div><div \
dir="ltr"><div><b>Associate Software Engineer | \
WSO2</b></div><div><b><br></b></div><div><b>Email : <a href="mailto:nalakas@wso2.com" \
target="_blank">nalakas@wso2.com</a></b></div><div><b>Mobile : \
+94714118474</b></div><div><b>web : <a href="https://wso2.com" target="_blank"> \
https://wso2.com</a></b></div><div><a href="https://wso2.com/signature" \
target="_blank"><img \
src="http://c.content.wso2.com/signatures/wso2-signature-general.png"></a><br></div><div><br></div></div></div></div></div>
</blockquote></div></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_8817918219989236196m_-170533031027255165m_-3850863669589702253gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><b>Nuwan Dias</b> | Director | WSO2 Inc.<br></div><div>(m) +94 777 \
775 729 | (e) <a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a></div><div><img src="cid:ii_jlzchx6n1" \
alt="Signature.jpg" style="width: 446px; max-width: \
100%;"></div></div></div></div></div></div></div></div> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_8817918219989236196m_-170533031027255165gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions \
Engineer<br>T : +94 77 394 5706<br></div></div><div>B : <a \
href="https://nadeesha678.wordpress.com/" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252m_8817918219989236196gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><b>Nuwan Dias</b> | Director | WSO2 Inc.<br></div><div>(m) +94 777 \
775 729 | (e) <a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a></div><div><img src="cid:ii_jlzchx6n1" \
alt="Signature.jpg" width="326" height="43" style="margin-right: \
0px;"></div></div></div></div></div></div></div></div> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_85637 \
74696016379424m_782145651820759727m_-7861540490837422750m_-8024212392962994252gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><b>Harsha \
Kumara<br></b></div><div><b><br></b></div>Associate Technical Lead, WSO2 \
Inc.<br></div>Mobile: +94775505618<br></div><div>Email: <a \
href="mailto:harshak@wso2.coim" target="_blank">harshak@wso2.coim</a></div>Blog: <a \
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_8563774696016379424m_782145651820759727m_-7861540490837422750gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions \
Engineer<br>T : +94 77 394 5706<br></div></div><div>B : <a \
href="https://nadeesha678.wordpress.com/" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_8563774696016379424m_782145651820759727gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><b>Nuwan Dias</b> | Director | WSO2 Inc.<br></div><div>(m) +94 777 \
775 729 | (e) <a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a></div><div><img src="cid:ii_jlzchx6n1" \
alt="Signature.jpg" width="326" height="43" style="margin-right: \
0px;"></div></div></div></div></div></div></div></div> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686m_-5523122197361059455m_8563774696016379424gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions \
Engineer<br>T : +94 77 394 5706<br></div></div><div>B : <a \
href="https://nadeesha678.wordpress.com/" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042m_-7394458216237717686gmail_signature"><div \
dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div \
dir="ltr"><div><b>Nuwan Dias</b> | Director | WSO2 Inc.<br></div><div>(m) +94 777 \
775 729 | (e) <a href="mailto:nuwand@wso2.com" \
target="_blank">nuwand@wso2.com</a></div><div><img src="cid:ii_jlzchx6n1" \
alt="Signature.jpg" width="326" height="43" style="margin-right: \
0px;"></div></div></div></div></div></div></div></div></div> </blockquote></div><br \
clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail-m_-4882188191520735042gmail_signature"><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div>Nadeesha Gamage<br></div>Senior Lead Solutions Engineer<br>T : +94 77 \
394 5706<br></div></div><div>B : <a href="https://nadeesha678.wordpress.com/" \
target="_blank">https://nadeesha678.wordpress.com/</a></div></div></div></div></div></div></div></div></div></div></div></div>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" \
class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div \
dir="ltr"><div><div dir="ltr"><div><div><div><b>Harsha \
Kumara<br></b></div><div><b><br></b></div>Technical Lead, WSO2 Inc.<br></div>Mobile: \
+94775505618<br></div><div>Email: <a href="mailto:harshak@wso2.coim" \
target="_blank">harshak@wso2.coim</a></div>Blog: <a \
href="http://harshcreationz.blogspot.com" \
target="_blank">harshcreationz.blogspot.com</a><br></div></div><div \
dir="ltr"><br></div><div dir="ltr"><div>GET INTEGRATION AGILE</div><div>Integration \
Agility for Digitally Driven Business</div></div></div></div></div></div></div></div>
--000000000000f87ade05906f77d2--
["Signature.jpg" (image/jpeg)]
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic