Basic Security Requirements
Background & Business Value
Basic security requirements that don't need to be repeated in every requirements document.
Goals
- HTTPS Everywhere
- Authenticate all calls through the API Gateway
- Ensure Resource Services are only called by the API Gateway
Out of Scope
- Usage Scenarios
Assumptions
- If other requirement documents conflict with these requirements, these requirements will be superseded. These are the baseline requirements, which can be overridden in specialized situations.
Requirements
| Ticket(s) | Title | User Story | Priority | Notes |
|---|---|---|---|---|
| | HTTPS Everywhere | As a client developer, I expect all communication to be over HTTPS. | MUST HAVE | |
| | All Calls Authenticated | As a gateway admin, all calls through the gateway need to be authenticated. | MUST HAVE | |
| | IP Restrictions | As a gateway admin, all Resource Servers should implement restrictions to prevent unauthorized calls coming from places other than Apigee. | MUST HAVE | |
User Interaction, Design & Architecture
Examples and References
Questions
Below is a list of questions to be addressed as a result of this requirements document:
Question | Outcome | Decision Date |
---|---|---|