2. API orchestration security pattern [Control Realization]
Source -> Target
NORA-1: External -> API client
NORA-1: External -> Browser
API client -> STS-21: Distributed denial of service protection service
Browser -> STS-21: Distributed denial of service protection service
NORA-2: DMZ (Demilitarized Zone) -> STS-23: Secure service gateway
NORA-2: DMZ (Demilitarized Zone) -> STS-21: Distributed denial of service protection service
NORA-2: DMZ (Demilitarized Zone) -> STS-17: Web application firewall service
STS-21: Distributed denial of service protection service -> SC-5: Denial-of-service Protection
STS-21: Distributed denial of service protection service -> STS-17: Web application firewall service
STS-21: Distributed denial of service protection service -> STS-17: Web application firewall service
STS-17: Web application firewall service -> STS-23: Secure service gateway
STS-17: Web application firewall service -> SI-3: Malicious Code Protection
STS-17: Web application firewall service -> SC-13: Cryptographic Protection
STS-17: Web application firewall service -> API client
STS-17: Web application firewall service -> SI-10: Information Input Validation
STS-23: Secure service gateway -> STS-03: Identity provider service
STS-23: Secure service gateway -> Secure service gateway security requirements
STS-23: Secure service gateway -> STS-23: Secure service gateway
NORA-4: Back Office -> STS-03: Identity provider service
NORA-4: Back Office -> STS-13: Security information and event management service
NORA-4: Back Office -> BFF layer
NORA-4: Back Office -> Domain B
NORA-4: Back Office -> Domain A
STS-13: Security information and event management service -> STS-03: Identity provider service
STS-13: Security information and event management service -> SI-4: System Monitoring
STS-13: Security information and event management service -> STS-17: Web application firewall service
STS-13: Security information and event management service -> STS-23: Secure service gateway
STS-13: Security information and event management service -> Domain B
STS-13: Security information and event management service -> Domain A
STS-03: Identity provider service -> AC-12: Session Termination
STS-03: Identity provider service -> SC-13: Cryptographic Protection
STS-03: Identity provider service -> AC-3: Access Enforcement
BFF layer -> API client
API client -> STS-23: Secure service gateway
API client -> STS-23: Secure service gateway
API client -> STS-03: Identity provider service
Domain B -> API endpoint B1
Domain B -> API endpoint B2
Domain B -> STS-23: Secure service gateway
API endpoint B1 -> API endpoint security requirements
API endpoint B1 -> API endpoint B2
API endpoint B2 -> API endpoint security requirements
STS-23: Secure service gateway -> Secure service gateway security requirements
STS-23: Secure service gateway -> API endpoint B1
Domain A -> API endpoint A1
Domain A -> API endpoint A2
Domain A -> STS-23: Secure service gateway
API endpoint A1 -> API endpoint A2
API endpoint A1 -> API endpoint security requirements
API endpoint A2 -> API endpoint security requirements
API endpoint A2 -> STS-23: Secure service gateway
API endpoint A2 -> STS-03: Identity provider service
STS-23: Secure service gateway -> Secure service gateway security requirements
STS-23: Secure service gateway -> API endpoint A1
API endpoint security requirements -> AC-3: Access Enforcement
API endpoint security requirements -> SI-3: Malicious Code Protection
API endpoint security requirements -> SC-13: Cryptographic Protection
API endpoint security requirements -> AC-4: Information Flow Enforcement
API endpoint security requirements -> SI-10: Information Input Validation
Secure service gateway security requirements -> SI-10: Information Input Validation
Secure service gateway security requirements -> SI-3: Malicious Code Protection
Secure service gateway security requirements -> AC-3: Access Enforcement
Secure service gateway security requirements -> CM-7: Least Functionality
Secure service gateway security requirements -> AC-4: Information Flow Enforcement
AC-3-a: Advanced access control token exchange policy -> AC-3: Access Enforcement
AC-3-b: Token scope management -> AC-3: Access Enforcement