In this EPIC we'll establish the appropriate integration with the Reaction IAM services to make the Federated Gateway access aware. Access control happens in two places at the Federated Gateway level for system wide policy enforcement (user authenticated?, shop access?, etc) and again at the service level for resource enforcement (user can modify pricing, etc).
User Stories
As a developer I need documentation explaining what system level policies are validated in the Gateway:
As a developer I need the Gateway to register system level policies with the Authroization service:
As a developer I need a way to intercept API request and validate policies before a federated service is requested:
EPIC Identity & Access Management Integration
In this EPIC we'll establish the appropriate integration with the Reaction IAM services to make the Federated Gateway access aware. Access control happens in two places at the Federated Gateway level for system wide policy enforcement (user authenticated?, shop access?, etc) and again at the service level for resource enforcement (user can modify pricing, etc).
User Stories
Acceptance Criteria
TBD