IBM Sterling
This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).
Shape the future of IBM!
We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:
Search existing ideas
Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,
Post your ideas
Post an idea.
Get feedback from the IBM team and other customers to refine your idea.
Follow the idea through the IBM Ideas process.
Specific links you will want to bookmark for future use
Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.
IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.
ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.
It is probably a bit wider than just authentication - it pretty much covers the general security of the REST services (so includes authorisation too)
If i have REST service such as these:
B2B REST APIs available in Sterling B2B Integrator - IBM Documentation
B2B REST APIs available in Sterling B2B Integrator - IBMNote: The custom protocol names are not displayed on READ, UPDATE, and DELETE Trading Partner API calls, only the custom extension values are displayed. Hence, it is important that the custom protocol names that you provide are valid. Specify the correct customProtocolExtensions attribute and the corresponding custom protocol name.www.ibm.com
I can use them in two ways (or more or both):
a. call them from back-office and other systems (non-human actors) and orb. design a custom UI and use the services (perhaps indirectly as we do) to support stories in the UI
for (a) basic authentication might be ok (arguably although its so general an access it's not very safe, see 2.)...for (b) however I should expect to:
authenticate like a microservice ... pass the identity of the logged in user (token) to SBI with the request so that SBI can assert it and trust it and
authorise like a microservice ... be able to permission the individual REST endpoints - example might be that I can only GET /properties but you can GET PUT POST DELETE them. There is no way to do that in SBI
maybe the best way to do this would be to refactor the /dashboard (and /filegateway etc) to actually use the Product's REST services. AFAIK the product doesn't do that - pls correct me etc.
HI there - I can see this is planned. could I get more information? What specifically is the scope you are aiming for (because I guess there are also authorisation considerations) and it is possible to - tentatively - indicated timeline?
I'd be happy to have a call about this with Ryan in the NY. We are heavy users of the REST services.