Major Description
We now start to have apicast policies that a customer can decide to use in their policy pipelines.
We have the apicast and other policies which we decide to include and cannot be removed by the customer (our 50K rate limit etc).
We also have two optional policies:
- token introspection
- gateway/service-level rate limiting (the one contributed by Hitachi)
We need to decide if:
- these are useful for multiple customer (mcheshir@redhat.com CScarborough)
- if they can't cause issues in SaaS (me, mcichra etc)
- if they won't cause more support problems than they solve (rhn-support-dmayorov
and whether to leave them in or hide them for SaaS users.
On a side note, at some point I am sure we will have policies that we don't want to make available to all customers in SaaS and so we will need to be able to build/deploy the apicast hosted without them, based on a config file / policy list or manifest....so we should start thinking about that also.
