Open policy agent (OPA) enables you to write security and compliance policies as code, or call any external policies using the OPA standard. WSO2 API manager uses this capability to offload policy decisions of API gateway requests to this policy engine. By decoupling the policy enforcement from evaluation, API policymakers now have the opportunity to write dynamic and reusable policies for ever-changing requirements. You can then reuse an OPA policy like any other policy in the API Manager by graphically dragging and dropping it into a policy pipeline. This video explains how it works and gives a demo.

In this session of #IdentityIn15, we will be demonstrating how you can secure your Express applications with OIDC authentication using Asgardeo Express SDK.

In today's episode, we will discuss how you can secure OAuth2 Tokens with DPoP using the WSO2 Identity Server. DPoP (Demonstrating-Proof-of-Possession) is an additional security mechanism for the token generation which overcomes the issue of bearer token which will not validate between who is requested token and who is actually using the token for the access of a particular resource. The following is the outline for today's session.

WSO2 API Manager 4.1 is out! Come learn what’s new! This release improves productivity in development and operations, expands support for different protocols and third-party technologies, and completes the product’s analytics story.

This screencast shows how to expose legacy SOAP backends as REST APIs through WSO2 Enterprise Integrator. The generated REST service can be directly deployed into WSO2 Micro Integrator. It is also possible to edit the generated REST API using the IDE.

When you are running a micro-integrator on a microservices environment, administrators who have admin access to the micro-integrator are able to change its configurations via admin services API. When someone needs to debug the system and find out which person did what change, then the micro-integrator needs to keep a log of activities performed on the micro-integrator. Audit logs are simply a set of logs that let you find what are the changes performed on the micro-integrator instance. Audit logs feature support from the APIM 4.1.0 onward.

APIM per API logging support lets you enable logging request details per API basis. This will significantly impact APIM performance when you need to collect logs that come in to and out of the APIM instance. Users are able to enable or disable logging for each API by using the APIM REST API. WSO2 APIM logging gives you multiple log levels that let you log information in different levels.

In this episode, we will be discussing about using the FIDO for multi-factor authentication with the WSO2 Identity Server in just 15 minutes.

In this 2 part series, Eric Newcomer, Chief Technology Officer at WSO2 speaks to FinextraTV about the type of technologies that are conducive to self-disruption, what banks need to consider when revamping their technology and operations divisions to promote innovation, how this translates into a culture of innovation, and how migration to the cloud reinforce banks’ cybersecurity and resilience.

In this 2 part series, Eric Newcomer, Chief Technology Officer at WSO2 speaks about self-disruption across the industry, what is meant by this and how this approach is helping FIs address business challenges. We learn how the internal disruption that comes with new technology strategies can benefit the customer, the type of strategies that could formalise this natural disruption to create a process of structured self-disruption, and how this fits in with the regulatory landscape.