I'm currently working on a Web Application Firewall idea on my free
time, and I think this might somehow fit within the scope of apiman.
Web Application Firewall is a proxy or filter that sits in front of an
application, accepting/rejecting requests. The main idea is to block
malicious requests before they reach the protected application. One
example of such component is ModSecurity.
I see that apiman already has some features around security, but I'm not
sure how far into this realm the project wants to go. Is there an
interest in having such a feature? If so, what would make most sense:
something completely inside apiman, or light integration with an
external service (in a microservices fashion)?
1 - https://www.modsecurity.org/