Here at Burton Catalyst, many people are using Twitter clients over the conference WiFi connection. Like me, many of them are searching the #CAT10 hashtag to follow the latest conversation. However, Twitter is rate-limiting requests to its search service not by identity but by client IP address, and to Twitter everyone on the conference WiFi looks like the same address, so one attendee's polling counts against everyone else's quota.
It is ironic that at a conference largely about identity and managing Cloud-based services, the discussion is being curtailed by very primitive API management which ignores identity in favor of rate-limiting by IP address.
You can see the difference between the two approaches in the Vordel configuration below. In the first screen you see part of a policy which limits based on IP address (what Twitter is doing here).
This makes for a very brute-force rate-limiting policy: everyone behind one address shares one quota, while a client that can send from several addresses gets several quotas. But if you change the "key value" configuration item so that you instead throttle on client identity (which Vordel exposes as the "authenticated.subject.id" variable), you get much more fine-grained throttling based on identity, even when multiple clients are coming from the same IP address. The one caveat is that identity-based throttling only applies to requests that have actually been authenticated; anonymous requests still need an IP-based limit as the fallback.
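To make the difference concrete, here is an added example in Python (not Vordel's configuration or code, and not Twitter's) that runs one constructed request stream through the same fixed-window limiter three times, keyed first by client IP, then by authenticated identity, then by identity with an IP fallback for anonymous requests. The attribute names "client.ip" and "authenticated.subject.id", the addresses, the usernames and the limit of 5 requests per 60-second window are all assumptions chosen to mirror the text; three users share one NAT'd address, one user is on a different address, and one request carries no identity at all.

```python
"""Compare IP-keyed and identity-keyed throttling on one constructed request stream.

Added example, not Vordel's policy or code. The fixed-window counter stands in for
the policy's "key value" setting: only the key function changes between runs.
"""
from collections import defaultdict


class FixedWindowLimiter:
    """Allow at most `limit` requests per key per `window` seconds."""

    def __init__(self, limit, window, key_fn):
        self.limit = limit
        self.window = window
        self.key_fn = key_fn
        self.counts = defaultdict(int)  # (key, window index) -> requests seen

    def allow(self, request, now):
        key = self.key_fn(request)
        if key is None:
            return False  # nothing to throttle on: refuse rather than let it through unmetered
        bucket = (key, int(now // self.window))
        if self.counts[bucket] >= self.limit:
            return False
        self.counts[bucket] += 1
        return True


# Key functions: the equivalent of changing the policy's "key value" item.
# Keys are namespaced tuples so an IP string can never collide with a subject id.
def by_ip(r):
    return ("ip", r["client.ip"])


def by_identity(r):
    subject = r.get("authenticated.subject.id")  # assumed attribute name, mirrors the text
    return ("subject", subject) if subject else None


def by_identity_or_ip(r):
    # Authenticated callers get their own quota; anonymous callers fall back to IP.
    return by_identity(r) or by_ip(r)


def sample_requests():
    """Constructed sample: alice, bob and carol share the conference WiFi's public
    address and each poll the search four times; dave polls four times from home;
    one final request from the conference address carries no identity."""
    reqs = []
    t = 0.0
    for _ in range(4):
        for user in ("alice", "bob", "carol"):
            reqs.append({"client.ip": "203.0.113.10",
                         "authenticated.subject.id": user, "ts": t})
            t += 1.0
        reqs.append({"client.ip": "198.51.100.7",
                     "authenticated.subject.id": "dave", "ts": t})
        t += 1.0
    reqs.append({"client.ip": "203.0.113.10", "ts": t})  # anonymous
    return reqs


def count_denials(key_fn, limit=5, window=60):
    """Return {who: number of requests refused} for the sample stream under key_fn."""
    limiter = FixedWindowLimiter(limit, window, key_fn)
    denied = defaultdict(int)
    for r in sample_requests():
        if not limiter.allow(r, r["ts"]):
            denied[r.get("authenticated.subject.id") or "anonymous"] += 1
    return dict(denied)


if __name__ == "__main__":
    # IP-keyed: the three attendees burn through the shared quota and block each other.
    print("by IP:            ", count_denials(by_ip))
    # Identity-keyed: each attendee has their own quota; only the anonymous request is refused.
    print("by identity:      ", count_denials(by_identity))
    # Identity with IP fallback: nobody in this sample is refused.
    print("identity, then IP:", count_denials(by_identity_or_ip))
```

With the IP key, the fifth request from the shared address exhausts the quota and every later request from alice, bob, carol and the anonymous client is refused, while dave on his own address is untouched. With the identity key, each of the four users stays within their own quota and only the request with no subject is refused, which is why the combined key function is the one you would actually deploy.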