Changes for page Data Exchange

Summary

• Page properties (2 modified, 0 added, 0 removed)

Details

Page properties

Title

...	...	@@ -1,1 +1,1 @@
1		-Data Exchange
	1	+expert-securing-data-traffic-api-gw-security-external-idp

Content

...	...	@@ -1,6 +1,5 @@
1	1	{{container}}{{container layoutStyle="columns"}}(((
2		-Because eMagiz provides the integration between two or more applications via the eMagiz platform, the point at which the data is interchanged between application and integration is a critical part of the integration in terms of security.
3		-Within eMagiz, there are three main integration patterns a user can configure to support their business case most optimally. First, this section will look at all three integration types and specify the security measures.
	2	+In most cases, you will transform XML messages to other XML messages, or you will transform JSON or EDI messages in another of these formats. However, sometimes you want to perform an image transformation. With this image transformation, you can convert images in specific formats to another format (i.e., png). This can come in handy when you want to standardize the image format before using it further downstream in your business application(s).
4	4
5	5	Should you have any questions, please get in touch with [[academy@emagiz.com>>mailto:academy@emagiz.com]].
6	6
...	...	@@ -10,78 +10,50 @@
10	10
11	11	== 2. Key concepts ==
12	12
13		-This microlearning focuses on security considerations when exchanging data via the platform.
	12	+This microlearning focuses on performing image transformations in eMagiz.
14	14
15		-* Each pattern comes with generic and specific checks and balances to ensure security is taken care of when exchanging data.
	14	+By image transformation, we mean transforming the raw data that represents an image into another image format.
16	16
17		-== 3. Data Exchange ==
	16	+* Read the help text of the component to understand which formats are supported
	17	+* Ensure the input image is supplied in the correct format
	18	+* Ensure you wrap the output image in something if you want to do additional transformations on the data further downstream
18	18
19		-Because eMagiz provides the integration between two or more applications via the eMagiz platform, the point at which the data is interchanged between application and integration is a critical part of the integration in terms of security.
20		-Within eMagiz, there are three main integration patterns a user can configure to support their business case most optimally. First, this section will look at all three integration types and specify the security measures.
	20	+== 3. Image Transformation ==
21	21
22		-=== 3.1 Messaging ===
	22	+In most cases, you will transform XML messages to other XML messages, or you will transform JSON or EDI messages in another of these formats. However, sometimes you want to perform an image transformation. With this image transformation, you can convert images in specific formats to another format (i.e., png). This can come in handy when you want to standardize the image format before using it further downstream in your business application(s).
23	23
24		-Messaging is the most flexible option of the three; therefore, a wide range of options is available within eMagiz to secure the connections.
25		-eMagiz offers users the tools to set up integrations and end-points securely. eMagiz supports well-known market standards, including:
	24	+Before we dive into the specifics of how to configure this, let us first consider the following:
26	26
27		-* OpenID Connect
28		-* WS-Security
29		-* API Keys in combination with HTTPS/SSL
30		-* SOAP Authentication
31		-* OAuth2.0
32		-* Basic Authentication
	26	+* Read the help text of the component to understand which formats are supported
	27	+* Ensure the input image is supplied in the correct format
	28	+* Ensure you wrap the output image in something if you want to do additional transformations on the data further downstream
33	33
34		-This way, each connection between the application and the integration (end-point) can be adequately secured and gives the flexibility to confer with the external application which method best suits their needs.
	30	+{{warning}} This microlearning focuses on the image transformer component. Ensuring that the input is valid and the output fits the remainder of the process is highly dependent on the use case and will therefore not be discussed in this microlearning{{/warning}}
35	35
36		-=== 3.2 API Gateway ===
	32	+When turning to the Create phase of eMagiz, we need to open the flow and enter "Start Editing" mode to add the necessary component. For example, in the left panel, you can search for "Image." This will yield the following result.
37	37
38		-A structure with roles and rights per role can be specified within the portal or via an external IDP to secure the front end of the API Gateway in eMagiz. Note that for the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method.
	34	+[[image:Main.Images.Microlearning.WebHome@expert-create-your-transformations-image-transformation-image-transformation-component.png]]
39	39
40		-==== 3.2.1 Portal ====
	36	+After dragging the component onto the canvas, you must define the channels first.
41	41
42		-As shown in the picture below, the roles are defined so that the Read role can only access two integrations available for this specific API Gateway. If a client has insufficient rights, they will receive a 401 Unauthorized
	38	+[[image:Main.Images.Microlearning.WebHome@expert-create-your-transformations-image-transformation-image-transformation-component-help.png]]
43	43
44		-[[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--api-gateway-portal-feedback.png]]
	40	+Secondly, we must select the desired image format we want to transform. Finally, the field indicates all valid values you can choose. Please note that 'PNG' is the default selection.
45	45
46		-==== 3.2.2 (External) IDP ====
	42	+[[image:Main.Images.Microlearning.WebHome@expert-create-your-transformations-image-transformation-image-transformation-component-image-options.png]]
47	47
48		-Apart from configuring the roles, users, and rights within the portal itself, it is also possible to hook the API Gateway up to an (external) IDP.
49		-By communicating with this IDP via the OAuth2.0 protocol, a check is done every time a client calls a specific operation to see whether that client has sufficient rights to access the operation.
	44	+Once you have done this, the component configuration is finished, and you can transform your input image to a desired output image format.
50	50
51		-If the client has sufficient rights, the process continues. For example, if the client has insufficient rights, the client receives a 401 Unauthorized.
52		-
53		-==== 3.2.3 Error Handling ====
54		-
55		-To prevent the error message if it occurs is sent straight back to the client, you can configure the front end of the API Gateway so that correct HTTP Status codes are given back to the client, including a descriptive message.
56		-
57		-For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course API Gateway.crashcourse-api-gateway-configure-roles-and-users.WebHome||target="blank"]].
58		-
59		-=== 3.3 Event Streaming ===
60		-
61		-Within the Event Streaming solution, eMagiz provides Event Streaming users, and topics can be created.
62		-Access to a topic within a cluster is governed by an Access Control List (ACL). This ACL links users to a topic and defines what the user can do on a topic (consume, produce, both).
63		-
64		-Only users with sufficient rights in the Deploy phase of eMagiz can add users, and topics and change the ACL entries specific to the Event Streaming cluster.
65		-
66		-Apart from producing or consuming data on specific topics based on the ACL, users also need a valid Keystore (containing the key and cert generated automatically) and a valid truststore (containing the CA certificate of the event streaming cluster) to produce or consume data.
67		-
68		-These are all security measures to prevent third parties from unauthorized access to the data stored on the topics.
69		-
70		-For more information on how this precisely can be configured via the eMagiz platform, please check the following [[microlearning>>doc:Main.eMagiz Academy.Microlearnings.Crash Course.Crash Course Event Streaming.crashcourse-eventstreaming-user-management.WebHome||target="blank"]].
71		-
72		-=== 3.4 General ===
73		-
74		-Regardless of the selected pattern for your solution, it would be best if you always considered that you only exchange relevant information with the external party. This means you should consider both headers as the payload you need to exchange with the external party. This is particularly interesting for any communication via HTTP gateways as they hold functionality to send all message headers as HTTP headers and vice versa.
75		-
76	76	== 4. Assignment ==
77	77
78		-Check whether you might be exchanging too much information with an external party within your project.
	48	+Check whether the solution we discussed today can be found within your project.
79	79	This assignment can be completed within the (Academy) project you created/used in the previous assignment.
80	80
81	81	== 5. Key takeaways ==
82	82
83		-* Each pattern comes with generic and specific checks and balances to ensure security is taken care of when exchanging data.
84		-* When you are not careful, you might share too much information with external parties.
	53	+* Read the help text of the component to understand which formats are supported
	54	+* Ensure the input image is supplied in the correct format
	55	+* Ensure you wrap the output image in something if you want to do additional transformations on the data further downstream
85	85
86	86	== 6. Suggested Additional Readings ==
87	87