Currently APIcast has some built-in features (e.g. OIDC with RH-SSO), but the idea is to give users the possibility of choosing and configuring which ones they want to enable, by service, in the UI. In order to be able to do so, APIcast needs to be modified.

At a high level overview, system will provide APIcast with the service registry and configurations, and the gateway will model those as policies. The gateway needs to be able to process the request and modify it according to the active policies in the pipeline.