Name: Security API Gateway
Description: There is an increasing need for a centralized Wikimedia service capable of making available certain security-related APIs for various MediaWiki extensions, services, external applications and users. Due to certain sensitive elements (sensitive data, commercially-licensed data, etc.) this service would need to live within Wikimedia production, have some variety of general authn/z mechanism and be highly available. Initial API candidates would likely be feed options related to the protected task T265845 and T250227.
Timeline: Tentatively by the end of Q3 2022 (March 2022)
Point person(s): @sbassett, @Reedy, @Mstyles, @STran
Technologies: Likely service-runner and various nodejs glue code to manage ingestion/consumption and authn/z layers.
Request flow diagram: To be created, though these will likely be minimal as this would be more of a stand-alone API service with its own authn/z.
n.b. keeping Service-deployment-requests untagged for now as this effort is currently very early in the initial planning stage (more proof-of-concept, minimum-viable-product) and might require an RFC or similar technical discussion phase.