New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Discussion: L3AFD Secure web api #20
Conversation
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
d578c5f
to
cf51dd8
Compare
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
LGTM, thanks to everyone for their input/feedback! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
b2d84b2
to
f5cc3f4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few wording nits and then good
discussions/secure_web_api.md
Outdated
|
||
L3AF could be running in two scenarios, users can use L3AF in secure enterprise private networks and in public network. | ||
In case of private network, L3AFD and clients will be communicating with each other over a network that is normally | ||
protected by vpn or PCI (Payment Card Information), and hence it may not be essential to enable mTLS in this case. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
protected by vpn or PCI (Payment Card Information), and hence it may not be essential to enable mTLS in this case. | |
protected by vpn or PCI (Payment Card Information), and hence some may not consider it essential to enable mTLS in this case, although the current industry trend and best practice is to consider it essential even on private networks, which trend uses the [Zero trust security model](https://en.wikipedia.org/wiki/Zero_trust_security_model). |
Signed-off-by: Santhosh Fernandes <santhosh.fernandes@gmail.com>
a9f3a8c
to
b782dea
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for all the updates! Looks good now.
Signed-off-by: Santhosh Fernandes santhosh.fernandes@gmail.com