0

I have been reading about SOA and developing my understanding of it, and I found this approach to development useful. However, there are a couple of things confusing me, which are:

Background: we are designing an online financial application, and we are currently in the brainstorming phase of the design. (Audit and logging need to be done.)

1 - How to ensure secure inter-process communication?

My thinking: restrict external access to these APIs with a firewall, so they can only be called internally by the system.

2 - What would be the preferred protocol, REST or SOAP, in the context of private APIs (IPC) and public APIs (exposed to clients, e.g. mobile, web and desktop)?

My thinking: for reads we can use REST, and for ACID-compliant transactions we can use SOAP, as it provides point-to-point security. Or, for IPC, we are thinking of using SOAP, as it also provides an audit mechanism.

3 - What is the role of an API gateway? Specifically, is it involved in inter-process communication?

I am confused about this, especially with IPC. I think all requests, even service-to-service calls, will go via the API gateway. Kindly elaborate on this in detail if I am wrong.

4 - Is it possible to keep some services public and some private in a microservices architecture? How to logically separate them?

From whatever I have researched, we can do this.

5 - What are the major differences, and the pros and cons, of SOA and Micro SOA?

My view: MSOA is an extension of SOA.

Thanks in advance.

Can anyone draw a diagram or provide a link to an MSOA architecture diagram with an API gateway?

APIGEE is the primary source of my understanding; I then googled specifics, which moved in different directions.

Security is our major concern.

1
  • Links are also appreciated for my questions Commented Jan 31, 2015 at 23:03

1 Answer

2

1 - How to ensure secure inter-process communication?

Internally, whitelisting IPs and firewalls are probably the most secure. If these services scale and have dynamic IPs you may have an issue with that, in which case shared secrets can work, but need to be put in place and respected across all services. JWTs are quite good for this (similar to SAML, but not as painful), used with an authentication microservice.

Externally - tokens, OAuth2 depending on how much pain you want to go through.

2 - What would be the preferred protocol, REST or SOAP, in the context of private APIs (IPC) and public APIs (exposed to clients, e.g. mobile, web and desktop)?

I would use REST; SOAP is slowly becoming an antiquated standard. You can secure comms p2p by using TLS or HMAC signing.

3 - What is the role of an API gateway? Specifically, is it involved in inter-process communication?

An API gateway is usually used to expose legacy APIs to the public, or to manage a large set of internal services via a single managed interface. An API gateway can also help manage tokens for clients and offer a single token for multi-service access and obfuscate the internal APIs from the external interface.

Gateways tend to also offer developer portals and some kind of self-enrollment process as well as control flows for request content (inbound and outbound).

Tyk.io is an open source API gateway - you can see the kind of features to expect from a gateway on their home page.

4 - Is it possible to keep some services public and some private in a microservices architecture? How to logically separate them?

Yes, you can with an API gateway. So long as there are no inter-service dependencies.

5 - What are the major differences, and the pros and cons, of SOA and Micro SOA?

I think one is a subset of the other. SOA tends to be interconnected with a messaging structure like an ESB, but micro-SOA will be even more specialised and may not use an ESB.
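
The shared-secret and JWT approach from the answer, as an added example that is not part of the original answer: an authentication service mints a short-lived HS256 token for one caller and one target service, and the target checks algorithm, signature, audience and expiry. The secret, the service names and all function names are assumptions, and the hand-written HS256 code stands in for whatever JWT library the services would use.

```python
import base64, hashlib, hmac, json, time

# Assumption: one constructed secret shared by the auth service and every verifier.
SECRET = b"constructed-demo-secret"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(caller, audience, ttl=60, now=None):
    """Auth microservice: mint a short-lived token for one caller -> one target service."""
    now = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": "auth-service", "sub": caller, "aud": audience, "iat": now, "exp": now + ttl}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_token(token, my_name, now=None):
    """Receiving service: return the claims, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(unb64url(head_b64))
        sig = unb64url(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    # Pin the algorithm: never let the token header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{head_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(unb64url(claims_b64))  # parsed only after the signature checks out
    if claims.get("aud") != my_name:  # a token for service A must not work on service B
        raise ValueError("token issued for a different service")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims
```

The verified `sub` claim names the calling service, which gives each internal call an identity to write into the audit log the question asks for.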
