New Event Portal Event Access Request/Approval Workflows

joseph_lanoux
joseph_lanoux Member, Employee Posts: 12 Solace Employee
edited July 2024 in PubSub+ Event Portal #1

Hi all,

📣 We are pleased to announce the new Event Portal Event Access Request/Approval Workflows feature.

PubSub+ Event Portal now supports new event data access governance capabilities. This feature set introduces an event data request and approval workflow to streamline the process of granting access to sensitive or restricted event data. Developers and architects can now request access to specific event data for their applications, and these requests are automatically routed to designated approvers. Approvers review and approve or deny access requests, ensuring secure and efficient data management while empowering event data owners to maintain control over their data.

This feature addresses the challenge of governing event data access in complex organizational structures by providing a centralized mechanism for managing and controlling event data flows. For more information, see Managing Event Data Access.

Let us know how you like the feature!

Comments

  • dreamoka
    dreamoka Member Posts: 56 ✭✭✭

    Does the workflow feature exist in the appliance/software broker too?

  • joseph_lanoux
    joseph_lanoux Member, Employee Posts: 12 Solace Employee

    Hi @dreamoka,

    At the moment, this workflow is only available in the Event Portal Designer. However, we are working at the moment on a Configuration Management feature that will enable users to automatically configure their event brokers (appliances and software) from Event Portal. We will also extend the Request/Approval flows to include those deployments.

    So stay tuned for those announcements!

  • dreamoka
    dreamoka Member Posts: 56 ✭✭✭

    Great to hear it. Otherwise I will feel sad as my company is using an appliance. Hopefully it will be released as soon as possible.

  • opthomas
    opthomas Member Posts: 1

    Great presentation.

    Is this predominantly focused on use cases where the Application Domains are internal to an organization?

    Expanding on this example for Shipping, we could theoretically use a TPP (Third Party Provider) to ship the goods.

    We would not want to give them access to the Event Portal but we would need some of the functionality such as requesting to subscribe to a queue or publish to a Topic e.g. Goods Delivered.

    This model is generally how API Gateways provide access to APIs for external developers. They are given access to a developer portal where they can subscribe to services but then everything else is hidden from them.

    Also, in terms of providing client id and secrets when using OAuth, do you support MFA?

  • Aaron
    Aaron Member, Administrator, Moderator, Employee Posts: 664 admin
    edited August 2024 #6

    Thanks @opthomas. And for anyone else, we just did this exact topic on my Office Hours yesterday. Watch it here on Community for the next couple weeks (at the top of the Discussions page), or here anytime:

    YouTube: https://www.youtube.com/watch?v=uiUXQHqNzEE
    LinkedIn: https://www.linkedin.com/events/7231187329388855296/comments/

    I can't speak to how it would integrate with 3rd parties that don't have EP access (e.g. simply through email), or more details on authentication mechanisms, but hopefully @joseph_lanoux or @dmacrae could comment.

    EDIT: on this part:

    "We would not want to give them access to the Event Portal but we would need some of the functionality such as requesting to subscribe to a queue or publish to a Topic e.g. Goods Delivered."

    Not the Event Portal requesting access part, but on the actual runtime data part, we have the concept of Event API Products which specify an endpoint location (broker URL, queue name, etc.) and an events+schemas definition that would allow a TPP to build an app and connect into your broker and subscribe to the queue that you've set up with the events routed to it that you want. And for them sending a "Goods Delivered" confirmation (or any other single one-message-publish operation), I hope people are aware of the broker's HTTP ("REST") interface (generally on ports 9000 or 9443)… with a single HTTP POST, I can send a single message to any topic (via the URL), specify the delivery mode (aka quality of service) and almost any other header or metadata… and it's a Solace message that can then flow to whatever queues or brokers are subscribed to it. Very useful for non-performance-oriented, one-off, single-message publishing.

  • dmacrae
    dmacrae Member, Employee Posts: 5 Solace Employee
    edited August 2024 #7

    Thanks @opthomas. Great questions too!

    For the first, Event Portal does indeed have support for integrating with API Management Platforms, and this was introduced in particular for the exact use case you mention. That is, allowing external developers from partners, or even our customers' end customers, to get access to a subset of the event data available in Event Portal (both from a pub and sub perspective). Event Portal actually has a specific APIM/Dev Portal API for this purpose. See https://api.solace.dev/cloud/reference/api-management-in-pubsub-event-portal for more information.

    Some of this functionality is Generally Available and some is in the Early Access release stage. Essentially, our approach to API Management (or Event API Management) is to integrate with existing APIM Platforms as developers won't want to go to one place for requesting access to Synchronous or REST APIs, and another place to request access to Asynchronous or Event APIs. With this solution they can discover and request access (and obtain approvals) for both types in the same way and from the same Dev Portal or Marketplace they have already been using before Event Portal configures the approved access.

    For your second question… Solace Brokers support OAuth OpenID Connect (OIDC) implementations, and therefore support MFA via compatible OAuth identity providers that support MFA.

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 972 admin
    edited September 2024 #8

    I just shared a new demo video on this if anyone wants to quickly see it in action!