►
From YouTube: 20180314 - API Management Working Group Meeting
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
C
D
C
Okay,
so
echo
video
up
today's
subject.
This
is
with
an
earnest.
Well,
EC
has
an
API
working
working
group,
one
of
the
key
aspects
of
80
ml
distribution
like
mediation,
some
common
use,
cases
of
mediation
are
I've,
got
two
or
three
api's
I
want
to
aggregate
them
and
expose
that
as
a
single
API
I
want
to
do
some
conditional
routing,
routing
based
on
content
routing
could
be
based
on
payload.
C
Another
aspect
showing
height
fields,
translate
XML
to
JSON.
These
are
all
typical
things
that
an
API
developer
would
do.
So
how
would
how
would
this
sort
of
a
thing
work
when
you
have
a
sta
service
mesh
deployed,
and
then
we
have
identified?
What
I
think
are
three
patterns?
I
think
spike.
You
mentioned,
there's
a
potential
fourth
one
which
I
thought
was
a
version
of
the
first
one,
but
anyway
we'll
go
through
these
patterns.
I
can't
see
this
picture
now.
A
C
E
F
C
C
The
first
pattern
thinks
of
a
mediation
engine
like
mixer
mixer
is
like
a
rules
advisor
or
online,
and
the
mediation
engine
is
a
mediation
at
wiser
online.
So
we
we
can
think
of
it
as
there's
going
to
be
another
on.
Why
filter
that
called
some
mediation
engine,
so
we
define
a
standard
contract.
Anybody
can
plug
in
their
mediation
engines,
they're
like
technically,
they
could
do
with
their
own
mixer
mediation
engine
would
be
like
that
now.
C
What
happens
in
this
case
is
that
there
it
is
mixer
that
advises
on
whether
to
call
the
mediation
engine
or
not.
So
when
a
request
comes
in,
a
consumer
tries
to
access
an
API
and
when
I
say
this
on,
why
this
is
the
envoy
site
card.
That's
attached
to
the
target
right,
so
this
is
the
site
car
to
the
target,
so
it
doesn't
matter
where
the
consumer
came
from
inside
or
outside
the
mesh.
It
doesn't
matter
call
came
in
this
on
Y
now
called
mixer
and
says:
well,
do
I.
C
Do
some
policy
enforcement
based
on
the
track,
I,
think
or
tokens
quota
Spiker?
Is
that
sort
of
a
thing
and
then
mixer
can
also
come
back
and
say
you
know
what,
by
the
way,
you
need
to
go.
Do
some
mediation
to
on
this
before
you
call
the
target.
This
point
on
I
will
call
a
mean
engine.
The
mediation
engine
does
what
it
does.
C
It
will
have
full
access
to
the
payload,
which
means
that
in
general,
operation
envoy
does
streaming,
but
when
this
happens
on
Y
will
not
stream
will
actually
collect
the
entire
payload
asset
after
the
mediation
under
a
standard
contract
mediation
does
what
it
does.
Hence
that
thing
back
to
envoy
and
now
on
my
forwards
it
to
the
target.
This
is
on
the
request
flow.
Potentially
we
could
do
the
reverse
in
the
response
flow
as
well.
So
when
the
response
goes
back
from
the
target
to
envoy
again,
it
can
check.
D
C
This
would
be
an
addition,
okay,
all
right,
so
so
now
you
have
the
flexibility
to
decide
either
a
design
time
or
at
run
time,
whether
you
want
the
response,
mediation
to
even
be
invoked
or
not
yeah.
So
this
is
pattern.
One
I'm
not
sure
how
you
guys
want
to
do
this,
discuss
all
three
patterns
or
stay
on
this
a
little
more
and
then
go
to
the
second
one.
I
do.
A
Since
I
have
something
to
say,
I'd,
rather
do
it
interactive,
okay,
awesome,
so
I'm
currently
exploring
ways
that
we
can
do
client-side
checks
before
in
a
client-server
relationship.
The
the
client
proxy
would
call
check-in
instead
of
this
server
proxy
I
think
this
would
just
work
the
same
way
right
yeah.
A
D
F
H
I
And
the
other,
the
other
thing
is
it:
it's
actually
quite
uncommon.
All
right
you
can.
You
can
imagine
the
whole
same
train
on
the
on
the
client
side,
but
because
you
may
have
client-side
concerns
that
the
client
wants
to
enforce
and
server-side
concerns
that
the
server
wants
to
enforce.
So
it's
composable,
you
can
have
the
same
thing
again
at
times
as
an
optimization.
You
can
remove
some
of
them,
but
logically.
A
That's
interesting,
so
in
fact
that
this
says
you
can
have
outbound
mediation
in
inbound
mediation,
correct,
so
I've
got
my
service.
That's
producing
requests
in
format
X,
but
now
I
want
to
talk
to
the
service
that
consumes
them
in
format.
Wise
I
can
do
a
transformation
on
the
way
out
and
then
the
implementation
that's
receiving
an
in-form
at
Y
might
also
say:
well,
you
know
I
actually
I'm
implemented
it
format.
Z
convert
it
again.
C
So
the
question
becomes:
who
who
owns
the
mediation
logic
right
from
from
a
pro?
Is
it
the
provider
that
says
well?
This
is
what
I
provide,
and
these
are
the
rules.
I
want
governed.
For
example,
a
quota
quota
is
decided
by
the
provider
because
they
know
how
much
they
want
to
give
out.
It's
not
a
client
side.
It's
on
as
a
client
I,
don't
care
to
decide
it
either
you're
right,
you're,
not
suggesting
that
the
client
decides
it's
just
that
the
enforcement
is
there
well.
A
Now
so
that
that
that's
it
I
think,
there's
there's
there's
two
things.
First,
quotas
is
totally
legitimate
to
be
enforced.
So
there's
a
there's
a
like
an
in
the
in
the
Google
systems.
We
have
a
quota,
that's
specified
by
the
producer,
and
then
the
consumer
can
set
a
its
own
quota
that
can
be
lower
or
equal,
so
they
can
use
the
kind
of
self
limiting
yourself
I
team.
A
So
in
this
case,
what
I'm
suggesting
is
that
in
the
communication,
it's
it's
totally
reasonable
for
a
service,
that's
making
an
outbound
call
to
say:
hey
I
want
to
do
a
conversion
on
the
way
out
right.
That's
Mike!
That's
my
prerogative
as
a
client
right,
it's
my
prerogative
as
a
server
to
also
say
I
want
to
convert
incoming
requests
on
the
way
I
got
it.
I
Actually
they're
two
orthogonal
things
one
is:
is
the
point
of
enforcement,
which
can
be
independently,
decided,
okay,
and
then
there
is
the
there
is
the
ownership
like
whose
concern
is
this?
So
we
have
already.
You
use
the
example
which
is
again
apt
in
this
case,
which
is
that
T
is
scan
on
outbound
traffic
right,
that
is,
a
client
side
consume.
I
The
client
wants
to
make
sure
that
it
doesn't
inadvertently
end
up
leaking
care
to
some
outside
service
so
that
the
client
should
be
able
to
configure
and
on
the
way
in,
like
normal
web
application,
firewall
style
things
I
want
sequel
injection
to
be
to
be
performed
before
someone.
It's
my
service
is
a
server-side
concern
and
again
the
enforcement.
We
cannot
or
suddenly
decide
if
you
have
good
customers
to
move
them.
F
G
H
Compelling
about
this
idea
of
moving
the
mixer
check
or
allowing
an
extra
check
to
be
done
on
the
client
side.
Is
it
would
let
you
because
right
now,
routing
rules
and
are
kind
of
done?
First
then,
we're
over
here
in
the
mixer
mixer
has
no
ability
to
put
some
custom
code
in
to
go
and
muck
around
with
some
stock
and
affect
the
route.
H
A
F
A
J
F
I
propose
that
we
should
think
that
this
is
a
great
kind
of
sequence
diagram.
However,
we
propose
basically
a
couple
of
different
architectures
that
this
can
be
used
in
and
the
sequence
is
identical,
which
is
kind
of
elegant,
but
I
think
that
we
should.
We
should
add
that
and
and
kind
of
have
some
you
know
potential
deployment
topologies
and
where
and
when
these
might
be
used
and
what
the
use
cases
are
I
mean.
We
should
add
that
to
this
dock
or
as.
J
J
F
C
Right
and
just
to
the
point
that
we
just
concluded
this
pattern,
one
itself
has
two
variations
and
I'm
now
convinced.
Although
I
started
off
with
thinking
this
on
wise
on
the
provider
side
and
convinced
that
this
on
Moi's
on
the
consumer
side
and
then
the
mixer
is
affecting
it,
because
then
you
can
also
do
routing
rules
based
on
the
mixer
attributes,
I'm
convinced
so,
but
it
doesn't
change
the
mediation
and
the
sequence
diagram
itself,
but
it
changes
the
Envoy
who's
one.
Why
is
that.
G
J
Like
we
have
a
service
mesh
right,
we
have
routing
rules,
we
have
envoys
managing
all
the
traffic.
So
with
the
tools
that
we
have
today,
it
should
be
possible
to
insert
a
route
such
that
the
traffic
between
any
two
end
points
that
you
care
about:
traverses,
a
third
service
which
has
access
to
the
pelo
which
has
access
to
headers,
as
has
all
this
stuff
that
that
we
care
about.
Why
do
we
need
to
propose
this?
This
new?
J
C
D
C
D
C
A
D
A
Key
point
is
this
is
a
common
pattern.
We
believe
there's
value
in
us
supporting
this
as
a
first-class
concept,
or
is
it
okay
to
do
it
in
an
ad
hoc
life?
Customers
do
this
in
an
ad
hoc
fashion,
but
can
we
build
tooling?
Can
we
build
better
observability
if
Steel
has
a
deep
understanding
of
what
this
is.
D
That's
the
protocol
for
mediate
could
be
very
simple.
However,
there
are
still
nothing
out
there
that
does
that
there
are
a
lot
of
proxies
out
there,
which
is
the
advantage
of
the
anti
pattern
of
having
just
a
proxy.
But
if
we
make
this
protocol
simple
enough,
it
could
be
a
place
where
a
lot
of
value
could
be
added.
J
Could
you
give
some
examples
scanning
content
for
PII,
there's
no
I
mean
give
some
examples
of
where
the
new
pattern
adds
more
value
than
the
existing
proxy
pattern.
C
Let's
say
that
I
want
to
I
think
two
or
three
api's,
and
then
that
has
a
more
of
a
composite
API
and
then
based
on
the
JWT
token
I
get
I
want
to
show
or
hide
fields
from
it.
Now
one
could
definitely
write
code
for
it
and
just
why
that
itself
hasn't
as
a
4th
API.
That's
certainly
one
one
way
of
doing
it
or
you
could
introduce
a
mediation
engine
where
the
mediation
engine
can
decide
when
I
want
to
expose
just
one
of
that
API.
Sometimes
I
want
to
aggregate
two
of
these
api's.
C
A
G
H
H
There's
two
separate
things
here
like
do.
We
have
such
a
bill
against
service,
a
mediator
that
you
use,
or
everyone
just
writes
their
own,
but
that's
completely
separate
from
whether
it's
being
called
with
some
special
mechanism
that
we
built
like
a
mixer
or
into
the
Envoy
or
whether
we
just
use
route
rules
or
that's
like
that
right.
So
we
clouding
these
discussions
by
you
know,
I,
don't
see
what
use
case
says
that
the
implementation
mechanism
warrants
going
with
route
rules
instead
of
two
or
three
days
well,.
J
I
Think
I
think
that
the
yeah
I
mean
if,
if
we
saw
so
far
prior
to
Lua,
you
could
not
express
arbitrary
logic
inside
and
boy
with
who
are.
You
can
actually
Express
arbitrary
logic
with
whatever
you
want
and
then
you
can
actually
make
a
decision
based
on
that.
So
with
that,
yes,
it
is
possible
to
make
an
arbitrary
decision
based
on
some
things
and
say:
okay,
that's
where
I'm.
H
Headed
mixer,
mixer
being
called
on
the
client
side
on
boy
as
well.
You
get
even
the
ability
to
put
a
mixer
and
do
some
of
the
mediation
things
itself
and
if
they
can't
then
pass
back
some
flags
in
some
way
that
envoy
now
Arab
rule
will
kick
in.
That
will
now
call
a
mediator.
So
you
can
really
do
clever
things,
especially
if
you
get
mixed
or
called
before
before
routing
right,
yeah.
C
I
So
I,
don't
I,
think
I
think
it
is
still
orthogonal
right.
I
mean
we.
We
did
go
through
cases
where
it
makes
sense
that
if
it
is
a
server-side
concern,
then
you
want
that
to
be
under
the
server's
control
yeah.
And
if
it's
a
client-side
concern,
then
you
want
it
understand
under
the
clients
control
so
where
it
runs,
are
independent
decisions
based
on
whether
security
is
paramount
or
performance
is
paramount
or
all
those
things
I,
don't
think
I,
don't
think
this
actually
dictates
one
or
the
other.
There's.
A
C
Is
it
is
still
to
decide
or
I
was
thinking
that
you
know
there'd
be
two
kinds
of
mixer
rules
right,
one
that
the
provider
defines
one
that
a
consumer
can
define
both
are
executed
by
the
client-side
envoy,
but
I
don't
have
to
change
I,
don't
have
the
permissions
to
change
the
server
side
or
the
provider
side.
So
that's.
This
is
saying
out
of
that.
A
Mindset,
there's
SEO
as
a
whole
is
in
control
of
all
the
proxies
and
they're
trusted.
So
we,
the
intent
of
the
service
producer,
might
be
convert
incoming
traffic
in
this
form
or
convert
other
one
traffic
in
this
form
and
then
mixer
will
and
then
SEO
will
decide.
Where's
the
best
place
to
do
this
on
this
client
proxy
and
the
server
proxy
makes
maybe
depends
on
the
load.
Maybe
depends
on
the
shape
of
the
data
whatever
so
right,
so
you
could
have
an
environment
where
you
said:
okay,
we
have
a
highly
highly
provisioned
target
target
service.
C
A
H
A
C
A
C
That
well,
let's
look
at
the
other
two
or
other
three
okay
and
then,
and
then
maybe
we
pick,
whichever
you
think
is
right.
Okay,
you
know
the
second
pattern,
I
think
largely
works
and
one
dot.
Please
correct
me
if
I'm
wrong,
because
this
was
inspired
by
what
you
wrote
is
what
cloud
foundry
does
without
services
don't-
and
this
is
inspired
by
that.
So
this
actually
and
spite
you
to
your
point.
This
brings
in
an
intermediary
service.
It's
a
service
in
its
own
right,
but
it's
a
special
service,
an
intermediary
service.
C
It's
not
a
regular
service,
so
east,
your
service,
Michigan,
know
about
it
that
this
is
not
the
final
or
the
actual
service.
This
is
a
place
that
consumers
go
to
before
they
get
to
the
actual
end
point,
and-
and
it
is
this
intermediary
service,
where
you
plug
in
your
your
mediation
engine.
So
this
is
how
I
captured
what
this
does
correctly.
Mother.
I
F
I
I
F
I
C
If
you
imagine
this
use
case,
where
I
want
to
hide
the
versions
from
my
consumer
and
then
based
on
who
the
consumer
is
I,
sent
them
to
the
appropriate
version
in
that
sort
of
a
use
case,
the
intermediary
is
the
actual
one
that
decides
where
the
traffic
should
be
routed
to,
and
it
decides
that
maybe
on
the
consumers,
identity
or
something
in
the
payload
or
something
to
say.
Okay,
you
belong
to
version
one.
You
belong
to
version
two
and
so
on,
so
it
becomes
so.
C
L
C
H
This
picture
is
really
just
using
wrap
rules
today,
where
you
would
set
one
route
rule
that
says
the
costs
from
consumer
to
target
should
go
to
intermediary.
So
that's
one
route,
rule
that
says
that
and
then
there'd
be
another
route
rule
that
says
Boston
target
where
the
source
is
intermediary
should
go
to
target.
So
if
you
have
two
rules
set
up,
this
is
exactly
the
flow
that
you
get
I.
Think
in
and
ARS
proposal
was
to
enhance
the
routing
model
a
little
bit.
J
I
That's
not
that's
not
correct,
so
these
are
operating
like
at
pretty
late
right.
This
is
after
routing,
so
just
destination
doesn't
carry
enough
information.
On
the
other
side
too,
to
really
say
where
it's
headed
right,
you
may
have
source
of
a
routing
on
the
source.
So
there
is.
There
is
more
context
that
needs
to
go
into
into
the
next
hop
here.
K
I
C
Think
that
we
also
need
to
somehow
translate
security
rules
into
this,
where
there
may
be
a
rule.
I
have
defined
that
a
cannot
invoke
B,
but
now
that
I
introduced
an
intermediary
doesn't
shouldn't
mean
that
that
rule
is
now
no
longer
enforced.
So
a
security
context
still
needs
to
be
passed
along.
So
now
we
can
still
reject
it
and.
I
Yes,
filtering
it
like
an
intermedia
can
do
at
any
anything
it
wants
with
with
filtering,
but
on
the
way
out
in
order
to
make
so
again,
if
you
have
source
of
a
routing
at
the
source
end
and
based
on
the
outing
rules,
you
have
chosen
a
particular
upstream
cluster.
The
ups,
the
upstream
cluster,
has
more
information
than
just
the
host,
so
we
want
to.
We
want
the
intermediate
to
make
the
same.
A
J
No
I
mean
if
the,
if
you're
doing,
mutual,
like
authentication
or
or
something
like
that
between
between
the
envoys
like
we,
you
you'll,
still
get
the
the
source
information,
or
at
least
the
intermediary
would
have
as
much
information
about
the
source
as
the
target
would
have
right,
whether
it's
mutual
TLS.
So
you
get
spiffy
IDs
or
it's
just
normal
HTTP.
A
So
that
and
that's
why
I
think
the
real
problem
is
the
fact
that
in
when
there
is
an
intermediary,
the
target
will
not
see
that
information
in
it.
So
I
think
that's.
That
means,
if
you're
trying
to
apply
policies
on
the
target.
It's
not
gonna
work.
The
way
you
wanted
to
you
need
to
apply
all
these
policies
on
the
intermediary.
Okay,.
C
J
D
I
mean
the
reason
why
I
keep
coming
back
to
the
solution,
even
though
I
know
other
ones
are
more
interesting,
is
that
there
are
lots
of
things
in
the
world
would
know
how
to
be
a
proxy.
What
I
think
about
the
people
who
are
going
to
be
consuming
this?
Do
oh
I
need
a
proxy
that
you
know
converts
my
you
know,
mysap
to
my
rest,
api,
oh
I
have
one
right
here.
D
C
Exactly
the
the
target
must
get
the
intermediaries
identity
as
well
as
the
original,
so
the
security
context
from
the
source
must
be
passed
on,
so
the
target
can
decide,
but
also
must
independently
establish
trust
to
trust
the
intermediary.
Then
you've
got
to
think
about
what.
If
there
is
an
intermediary
for
the
intermediary
yeah
and.
C
H
There's
an
intermediary
generic
engine
implementation
that
we
write
and
provide
that's
a
very
trusted
thing.
It's
doing
all
the
right
stuff
and
that
one's
safe
and
then
the
other
type
of
intermediary
would
be
ones
that,
but
the
application
decided
to
putting
themself.
They
wrote
some
service
that
they
want
to
plug
into
this
picture,
and
then
it's
you
know
they
have
to
trust
their
own
about.
A
So
I
I
and
I
worry
about
the
user.
The
usage
model
of
this,
where
our
policy
is
applied
by
the
operator,
if
we
hide
the
intermediary,
as
basically
it
becomes
an
implementation
detail
of
a
service
and
I,
don't
need
to
think
about
it
when
I'm
applying
policies
in
general.
Thank
you.
This
intermediary
can
talk
to
me
knows
just
like
the
proxy
is
drama
on
the
proxy
to
services
and
they're
easily
become
one.
A
You
can
imagine
this
intermediary
logically
disappearing,
and
it's
just
it's
just
an
implementation
detail
at
the
between
the
proxy
between
the
between
the
time
that
the
traffic
arrives
at
the
proxy
and
is
delivered
to
the
service.
There's
this
extra
thing
happening,
but
it
doesn't
count
in
the
policy
model.
That's.
J
What
I'm
saying
I
don't
think
that
that
that
works
as
soon
as
the
intermediary
is
in
a
different
trust
zone
than
the
source
right,
the
the
Envoy
that's
next
to
the
source
is
in
the
same
trust
zone,
and
so
it's
fine
to
sort
of
collapse.
Those
things
in
terms
of
your
policy
model,
but
the
intermediary
is
in
a
different
trust
zone,
and
so
it's
definitely
not
fine
to
collapse
them
in
in
your
in
your
trust,
model.
A
A
B
D
C
L
I
I
M
A
C
B
C
E
B
C
Okay,
so
we'll
practice
in
the
interest
of
time
we'll
go
look
at
the
other
options
and
then
compare
them
pattern.
Three
is
to
change
something
that
from
from
the
behavior
today.
Well
all
the
previous
two
patterns
also
did
this,
but
essentially
mixture
now
receives
the
payload.
Then,
when
this
adapter
is
enabled
and
the
mediation
engine
is
an
adapter
to
mixes
and
and
now
so
it's
we
just
treat
it
like
anything
else.
Mixer
is
not
just
header
and
the
URL,
it
gets
everything,
and
now
you
can
choose
to
decide
what
you
want
to
do
with
it.
C
H
Previous
call
is
decided
that
yeah.
This
would
be
a
nice
pattern
for
the
cases
where
you
don't
have
to
have
access
to
the
the
request
body
yet
and
you're
just
rocking
with
headers
and
things
like
that,
or
there
might
be
even
some
optimal
subsets
that
you
can
do
this
way,
but
then
the
mediator
that
has
to
be
called
externally
as
a
separate
thing,
is
a
use
case
that
is
still
going
to
be
there.
This
covers
partial.
C
This
with
this,
you
can
call
an
external
mediator.
I
mean
as
long
as
you
you're
writing
the
adapter
right.
You
can
then
forward
that
request
to
any
way
to
any
place.
You
want
right.
So
it's
just
that
again.
Back
to
the
original
point.
That
request
has.
It
has
to
be
a
request
response.
You
don't
want
the
target
now
going
directly.
Sorry,
the
intermediary
going
directly
to
the
target
same
restrictions
apply
here,
but
now
there's
a
place
for
people
to
plug
in
their
mediation
engine.
C
H
A
D
D
C
Yes
and
mutter
to
your
point,
we
could
have
some
optimizations
of
you
know
pass
me
only
the
headers,
but
then
allow
the
adapter
to
edit
those
headers
to
add,
modify
headers.
That's
that's
also
a
key
thing
that
would
be
satisfied
with
this.
That
adapters
can
modify
the
content
that
will
again
reduce
the
need
for
other
mediation
engines.
If
they
can,
we
tried
some
of
these
so.
A
So
we
could
support
rewriting
headers
almost
today
yeah,
even
though
the
protocol
supports
it.
We
just
would
need
to
add
a
little
logic
in
the
proxy.
Well,
that
shouldn't
be
too
hard
like
I
could
also
imagine
where
we
so
are
there
patterns
where
you
don't
need
all
the
data,
all
the
payload
and
just
like,
maybe
the
first
day
of
it
or
something,
or
is
that
yeah
yeah.
D
D
D
But
they're
still
out
there
is
that
the
SoCal
headers,
but
not
the
body
yeah
and
also
even
things
like
you
know,
certain
kinds
of
content,
validation.
Yes,
okay,.
C
E
C
Some
general
protection,
where
I
as
a
provider,
don't
want
to
accept
10
Meg's
of
data
I
want
to
filter
that
out.
Alright,
so
I
just
want
the
content
size
to
not
exceed
I
K
10
K,
whatever
it
is
I
decide
and
if
it
exceed,
is
that
blocking
I
want
to
be
able
to
specify
some
rules
like
for
that.
So
you
can.
A
C
A
Then
you
need
to
start
sending
some
of
the
payload
down
okay,
so
if,
if
the
payload
is
small,
it
won't
really
won't
hurt
mixer
at
all
it
just
if
suddenly
mixer
starts
getting
these
10
megabyte
chunks
of
data
with
every
request
then
suddenly
makes
risk.
Ups
is
going
to
go
down
the
toilet
or
SLO,
whatever
it's
going
to
send.
It
drop.
H
M
H
H
A
H
Away
the
problem,
but
looking
at
optimizations
of
the
you
know
just
doing
accidents
work,
that's
all
we're
talking
about
which
I
think
can
come
later
sort
of
my
overall
thinking
like
I,
don't
think
it's
not
it's
a
bad
idea
cases
but
I
think
we
get
something
after
working
without
any
of
this.
Initially,
you
start
optimizing.
These
cases
later,
I
think
so
it
else
under
the
covers
for
London
spend
at
something
that
they
should
be.
Okay,.
A
So
the
minimum
work
we
need
to
get
something
running
will
end
in
a
meaningful
way.
Is
we
just
treat
these
intermediary
guys
as
regular
services
in
the
mesh,
and
the
only
addition
we
provide
is
some
sort
of
affording
of
attributes
that
the
the
target
service
can
I
can
understand
what
the
original
source
was.
This
is
listened
to
mediated
sources,
as
opposed
to
just
so
that
that
way,
you
can
express
policies
in
the
meeting
some
way,
I
think.
C
A
C
A
I
Know
I
think
I
think
I
think
that
this
again,
depending
on
what
your
use
case
is
underneath
I,
don't
think
these
are
I
mean
I.
Don't
think
we
even
need
this
to
solve
some
of
the
problems,
but
you're
mentioning
right
like
if
you
have
a
real
intermediary,
but
you
can
just
have
a
proxy
that's
inserted.
If
you
can
do
everything.
I
I
Both
those
kind
of
give
you
the
same
thing,
and
you
can
have
the
second
one
now
right,
but
essentially
the
VI
just
kind
of
exposes
it
and
makes
the
first
class
you
can
use
it
out.
Ruth
and,
like
I
mean
you
have
to
use
them
correctly,
but
you
can
use
them
and
you
can
make
it
happen
happen
today.
So
my
question
is:
what
is
it
physically
like
what
UK
is
driving
this
particular
pattern.
C
E
H
Even
when
it's
not
necessary,
but
you
could
get
something
up
and
running
if
you
scroll
down
to
the
very
bottom
of
this
document,
nonde
the
very
last,
the
very
bottom
of
it
I
have
a
link.
Do
I
did
this,
it's
just
a
little
example.
If
you
click
on
that
little
very,
very
bottom
of
the
this
is
to
comment
on
the
far
right.
There's
a
link
to
a
github
there,
a
fire
thing.
I,
really.
You
know
the
very
pirate
yeah.
If
you
click
on
that
link,
you
can
see
that
basically
a
little
experiment
to
just
show.
H
H
D
F
H
There's
two
rules:
the
first
one
is
is
basically
saying,
but
you
know
when
you,
when
you
send
traffic
to
details,
it
should
go
to
it.
So
most
anybody
making
requests
the
detail
service
should
just
go
to
this
verify
them
instead
and
then
the
second
rule
basically
says:
unless
it's
the
verifier
who's
making
the
call
and
you
then
you
send
it
to
the
target
and
and
all
I
basically
have
to
do,
and
the
verifier:
let's
do
its
verification,
clingy
and
then
look
at
the
original
destination,
and
so.
A
H
A
A
Relative
to
everybody
else
and
the
rules
that
I
have
defined
on
my
service
itself
no
longer
work
because
they're
there,
the
alder
traffic,
is
gonna,
come
from
the
intermediary
instead
of
from
the
real
turtorial
right.
I
think
we
need
to
fill
in
those
gaps
to
be
dis,
useful
and
that's
where
having
this
notion
of
intermediary
as
a
first-class
thing
is
well.
H
Know
I'm
kind
of
standard
service
where
this
code
gets
called.
You
know
where
my
actual
intermediate
it's
a
little
pipe
on
things.
Part
of
this
example.
You
can
run
it
it's
trivial,
it's
this
little
Python
thing,
but
you
know
the
bottom
line
is
that
there
was
this
first
verifier
service
packets
that
we
provided
instead
of
me
just
line
this
little
Python.
They
also
this
then
you
know.
H
Even
get
called
for
a
lot
of
the
cases
and
yeah
as
soon
as
you
can
do
the
client
side,
envoy,
stuff
or
the
client
side
mixer
stuff.
Then
then
you
really
got
something
nice
because
then
you
know
the
first
passes.
This
goes
up
to
the
mixer
adapter
that
that
you
know
can
decide
to
do
you
know
whatever
header
transformation.
I
did
whatever
the
various
things
they
can
do.
H
Something
that
has
to
you
know
have
full
access
to
the
request
body.
That's
going
to
do
a
transformation
like
that,
then
it
just
basically
flips
the
switch
slip.
The
match
criteria
of
the
other
module
now
goes
to
the
goes
to
the
so
you
know,
I,
think
I,
think
my
point
I'm
just
trying
to
make
here
is
I.
Think
the
underlying
mechanisms,
machine
kind
of
under
the
covers,
there's
this
stuff
and
I.
Don't
yeah.
H
H
F
I
Planning
planning
like
it
doesn't
go
back
to
that.
That's
whether
it
is
the
post
class
function
of
via
or
an
intermediate
or
not
right
in
in
this
case,
we're
saying
there
is
not,
and
the
user
is
achieve,
that
effect
directly
by
programming.
Note
rules
and
we
are
actually
gives
you
a
way
to
model
that,
and
then
you
can
build
on
top
of
it.
But
now
the
system
knows
that
there
is
this
thing
in
the
middle.
Clearly
yeah.
C
To
to
use
cases
consider
one
is
I,
have
already
built
some
security
rules
for
my
service
and
then
I
introduced
an
intermediary.
You
change
anything
to
those
rules.
Do
I
need
to
rewire
it
I
make
those
rules
aware
of
the
intermediary
is
one
and
second,
is
the
passing
of
security
context
to
the
target
so
that
the
target
still
knows
who
actually
corny,
which
shouldn't
just
look
like
the
intermediary
is
the
only
thing
accessing.
H
I
It
it
has,
it
has
to
be
trusted
like
if
MPLS
is
gonna
terminate
at
the
intermediary.
The
payload
is
going
to
be
all
available
to
the
intermediary,
so
whatever
trust
is
needed
to
make
that
happen
has
to
be
there
and
then
on
the
other
side,
the
other
side
is
actually
a
little
bit
different
right.
The
target
can
decide
that
the
target
should
have
identity
the
boat.
It
should
have
the
identity
of
the
original
host
and
the
intermediary,
and
at
that
point
can
decide
whether
something.
H
H
J
H
A
So
I
I
guess
I
see
that
as
a
complimentary
compliment,
complimentary
features
so
to
put
a
plug
in
for
the
configure
architecture
that
we're
working
on
again
that
there's
a
distinction
between
what
the
user
writes
and
what
the
system
runs.
I
think
what
what
Frank
wrote
here
is
what
the
system
runs,
but
what
the
user
writes,
the
user
wants
to
say
my
service
has
these
policies
against
these
other
services
and
if
there's
15
proxies
between
me
and
the
other
service,
that's
an
implementation
detail.
J
A
Correct,
but
is
the
the
common
pattern
sufficiently
common
that
we
can
say
look.
This
is
the
behavior
that
we
provide.
If
it's
not
sufficient,
you
need
to
break
the
glass
and
kind
of
roll
your
own
at
that
point,
because
a
pattern
that
Frank
showed
is
immediately
achievable
today
without
any
change
to
SEO
is
just
not
I.
Consider
not
a
a
pleasant
user
experience.
So
can
I
address
a
95
percent
case
with
a
nice
user
experience
and
leave
the
5
percent
to
go
to
with
the
hard
way
I.
A
Thought
in
terms
of
spectrum
of
solutions
here,
I
think
we
we
we've
explored
a
few
different
things
that
that
that
can
cover
this
spectrum
so
allowing
the
mixer
to
rewrite
headers.
That's
one
thing:
allowing
the
mixer
to
influence
routing
decisions.
That's
another
thing:
allowing
the
user
to
express
its
person
to
mediation
using
it
kind
of
dis.
High-Level
mechanism
is
the
next
part,
and
then
finally,
is
the
we
don't
care.
Do
what
you
want
using
the
core
building
blocks
and
you
kind
of
covered
the
gamut
there.
H
Who
sort
of
agreeing,
though,
that
there's
not
one
solution?
Here's,
but
all
these
solutions
have
are
applicable
for
certain
use
cases
and
and
learn
from
an
optimization
perspective
that
up,
then
you
know
just
the
ability
perspective.
Like
the
worst
case
scenario,
you
have
to
hop
out
to
some
service.
I
think
is
what
we're
kind
of
leaning
towards.
Maybe
it
maybe
not,
but
the
other
cases
where
you
can
do
it
in
mixer.
You
should
go
to
mixer,
but
I
and
I
don't
know.
H
A
C
H
I
The
the
use
cases
are
slightly
different
right.
If,
if
you
actually
want
real
transformation
of
content,
then
you
cannot
have
a
mixer
adapter,
why
I
mean
should
not
today,
but
if
so
for
mixer
to
add
payload
right,
if,
if
you
have
like
the
protocol,
will
have
to
change
like
that,
the
first
hundred
bytes
works,
but
first
hundred
bytes
is
again
not
useful
for
content
transformation.
So
we
could.
I
We
could
still
do
what
mixer
is
normally
intended
to
do,
which
is
look
at
headers,
make
decisions
and
send
back
some
headers
that
is
actually
orthogonal
to
intermediate
or
not
right
how
those
headers
are
used
once
they
get
back
to
envoi
is
a
separate
story.
Yes
and
yes,
those
headers
can
be
used
to
decide.
Oh
well
now
the
route
changes
and
therefore
it
goes,
runs
to
an
intermediary,
but
I
don't
think
that
so,
especially
from
a
Content
transformation
perspective.
I,
don't
think
these
two
things
are
very
closely
linked.
They
are
they're
complementary,
not
closely
linked.
I
We
cannot.
We
cannot
do
content
transformation
fully
in
mixer
because
it
would,
we
would
have
to
start
streaming
or
or
envoi
will
have
to
read
the
entire
content
in
memory
and
then
send
the
whole
thing
over,
like
both
of
which
I
don't
think.
We
really
want
to
do
so.
The
first
hundred
bytes
first
10
bytes
words,
but
now
we
can't
use
it
for
transformation,
quick.
So,
but
it
just
means
that
some.
A
Early
use
case
is,
if
you
just
if
we
don't
do
anything
compared
to
today,
there's
a
lot
more
use
cases
that
require
a
full
separate
service
running
to
do
the
intermediation
and
if
we
just
start
adding
a
few
features
in
mixer
here
and
there,
we
can
eliminate
a
lot
of
these
use
cases
and
just
fall
back
to
this.
The
basic
infrastructure
without
an
extra
service
yeah.
G
J
C
That
so
I
feel
that
that's
against
the
philosophy
of
sto.
This
may
sound
controversial.
But
if
we
just
write
on
my
filters,
don't
need
the
rest
of
the,
maybe
I
don't
need
mixer
at
all
right.
You
can
just
put
in
a
big
on
my
filter
to
do
everything.
Yes,
I
think
that
is,
if
you
are
sold
into
just
the
Envoy
ecosystem,
then
yes,
that
method
works
well,
where
you've
just
bought
into
own
way
and
not
the
rest
of
it
till
we
shouldn't
have
to
three
methods
of
you
know.
Yes,
you
can
right
go
adapters.
C
A
So
hold
on
there's
a
there's,
yet
one
more
choice
that
actually
simplifies
them.
So
it's
my
intention
that
perhaps
maybe
around
next
year,
mixer
starts
based
on
mixer
config
mixer
will
produce
Lua
scripts
that
it
sends
back
up
to
envoy
dynamically,
so
the
intent
there
was
so
that
the
first,
the
first
use
case
for
this
is
to
have
the
basically
the
ability
to
create
a
sophisticated
cache
look
up
based
on
Lua
scripts,
so
improve
improved
efficiency
of
the
cache.
A
There's,
nothing
preventing
us
from
also
sending
up
more
slightly
more
sophisticated
programs
over
time
to
achieve
behavior.
It's
strictly
efficiency,
say
efficiency,
say
the
user.
Mod
will
remains
the
same,
but
suddenly
computations
move
to
the
proxy
and
in
in
more
cases
you
don't
need
to
talk
to
mixer
anymore.
C
That's
that's
an
engineering
optimization
and
we
should
definitely
explore
it,
but
customization
optimization
should
present
eight
different
languages
to
do
it.
You
can
write
some
and
go
some
in
C++
and
some
in
Lua
I
mean.
Then
it's
just
a
mess
to
maintain
this.
It
gets
complicated,
yeah,
I,
totally
agree.
A
D
I
mean
I
think
to
anandhan
was
saying
before
this
do
works.
If
the
proxy
is
super,
reliable
and
simple
and
lightweight
and
fast,
and
if
we
start
putting
all
kinds
of
custom
user
written
code
in
envoy
and
distributing
it
to
all
the
envoys
in
the
mesh,
we
now
have
a
distributed
app
server.
It's
not
going
to
make
anybody
happy.
So
we
just
need
to
be
I
mean
I
mean
we
went
down
this
road
with
Apogee
and
we
hear
about
it
all
the
time
it
would
be
great
to
you
know
be
careful
about
that.
D
So
how
heavy-duty
or
how
expensive
is
the
Lua
engine?
Oh
I'm,
sure
it's
cheap,
but
I
mean.
If
you
can,
you
know
you
know
calculate
your
blockchain
in
it,
then
someone's
gonna
do
it
and
maybe
it's
their
problem,
but
I
mean
you
know
someone
who's
gonna,
you
know.
Sometimes
someone's
gonna
run
a
World
of
Warcraft
in
a
you
know,
in
a
box,
I'm
exaggerating
slightly
but
I
mean
you
know.
M
And
it's
so
do
whatever
you
want
from
adding.
Having
added
support
for
this.
These
use
cases
in
CF
majority
of
the
use
cases
were
not
how
to
enable
the
developer
of
a
micro
service
to
program
their
own
filters,
but
how
to
enable
an
operator
to
inject
a
service
which
already
exists
with
already
paying,
for
which
may
be
an
appliance
into
the
request
path.
So
nobody
wants
to
write
an
adapter.
Nobody
wants
to
write
a
filter.
Nobody
wants
to
write.
Lua
I've
already
got
this
clients
I
want
to
send
requests
for
some
services
through
it.
If.
I
And
and
the
a
proxy
type
design
does
solve
most
use
cases,
I,
think
and
independently
what
mixer
can
solve
mixer
can
or
can
already
solve
right,
including
getting
first
100
bytes
and
injecting
more
headers
back
into
the
stream
and
affecting
because
I
I
think
the
there
is
like
a
narrow
strip
of
use
cases
which
that
particular
mediation
model
we're
gonna
solve.
But
for
other
things
to
the
stuff
that
and
I'm
just
mentioned,
we
are
going
to
have
to
inject
a
whole
proxy.
Anyway,
there
is
no.
There
is
no
substitute
to
that.
A
Okay,
so
I
propose
that
we
write
a
little
a
quick
little
summary
of
this.
That
just
says
here
at
the
core
mechanism
that
we
want
to
add
to
the
core
features
we
will
to
add
to
mixer
in
general
and
then
I
think
for
I'd
be
happy
for
now.
We
choose
this
pattern
of
just
an
inserting
a
proxy
if
we
can
figure
out
I
guess
I'm
in
favor
of
the
via
via
pattern
as
a
our
first
foray
into
this
face.
Augmented
with
these
mixer
features
a
bit.