Hi,
ISAM does have a number of benefits here, let me name some (not all...):
- ISAM has excellent (meaning complete and flexible) support for OAuth and OIDC. This includes user self-service functionality to have users e.g. view/revoke their tokens.
- If you already use ISAM for authentication, which means your user registries are already integrated with ISAM, then why something else for user authentication? ISAM is _the_ solution for user authentication with capabilities that Datapower cannot easily offer: two-factor authentication, context-based authentication, flexible custom authentication, advanced session management, and so on.
- It's likely that your mobile use cases include user interactions with an (native mobile) browser during the OAuth/OIDC flows to get the OAuth/OIDC tokens. ISAM has excellent browser session management and authentication features (see the previous point)
See this link for a discussion on how ISAM can work together with Datapower:
https://www.ibm.com/blogs/security-identity-access/oauth-api-gateways-and-isam/A typical setup: ISAM as the Authorization Server that authenticates users/applications and DataPower as the Policy Enforcement Point.
Datapower/API Connect on the other hand is strong when it comes to API lifecycle management, offering a developer portal, API rate limiting, routing API calls to services, interfacing with billing systems, etc
Cheers, Peter.
------------------------------
Peter Volckaert
Sales Engineer
IBM Security
------------------------------
Original Message:
Sent: 02-04-2019 05:16 AM
From: THOMAS FERGUSON
Subject: benefits of using ISAM on data power
Hi
I am not a Datapower expert, but a few years back I worked on a project that implemented DataPower XI50 and XI52 acting as Web Service Proxies or Gateways. Also, we implemented DataPower XC10 caching applications. They were introduced to support the Mobile applications that used RESTFul services and took the load off of back-end WebSphere servers.
From my experience on that project, I do not think that Datapower XI50/XI52 appliancess have the same capabilities as ISAM. However, there were quite a variety of Datapower appliances with different features and capabilities.
Hope this helps!
Regards,
Tom
------------------------------
THOMAS FERGUSON
Original Message:
Sent: 02-01-2019 09:36 AM
From: Rahil Anwar
Subject: benefits of using ISAM on data power
Hi,
We have a client who is using datapower and currently wants to implement mobile SSO. I have never worked on it.
We want to implement ISAM for authentication, authorization and SSO however I have a confusion.
Data power seems to provide all the capabilities which ISAM has. Do we really need ISAM along with data power.
If yes then what are the benefits of using ISAM with data power
------------------------------
Rahil Anwar
------------------------------