Talk Microservices to Me: The Role of IAM in Microservices Architecture
Darshana Gunawardana, Technical Lead, WSO2
Microservices
● The foundation of microservice architecture is
○ Developing a single application as a collection of small, independent services
○ Each running in its own process, developed and deployed independently
● Provides a focused, scoped and modular approach to application design
● Not just an architectural pattern
○ Driven by the primary goal: speed to production
Monolithic Applications
● All the services are deployed in the same application
● The application server itself provides session management features
○ All the services can share a user's login status
● The interactions between services are local calls
● Authentication is done centrally at an interceptor
● Passing login context varies from one platform to another
Traditional Application Level Security
● Authenticating the end user
○ Multiple user repositories
○ Multiple IdPs
● Authorizing the end user
○ Centralized policy enforcement
○ Centralized policy evaluation
Monolithic vs. Microservices
(Diagram: a monolith sharing one user session, against several microservices each running in its own single container.)
Challenges
● Microservices are independent of each other
○ Each service has to enforce authentication and authorization
● Broader attack surface
● Scalability
○ Each service will serve thousands of requests per second
○ There can be hundreds of microservices
● Performance
● Deployment complexities
● Polyglot architecture
Problem
Multiple clients need to access secured microservices on behalf of the user.
Solution
Access delegation based on OAuth 2.0
OAuth 2.0
(Diagram: the Resource Owner grants the OAuth Client access to a resource under a provided scope; the OAuth Client gets a token from the OAuth Authorization Server to access the resource on behalf of the resource owner; the client then accesses the resource at the OAuth Resource Server, which introspects the token with the Authorization Server.)
OAuth 2.0 - Self Contained Access Tokens
(Diagram: the same flow, but the access token is a JWT. The Resource Server holds a <Trust> relationship with the Authorization Server and validates the token itself; the Introspect call is gone.)
Microservices Security
● Secure development
○ Static and dynamic code analysis to make sure we do not introduce security vulnerabilities at the code level
○ Should be part of the CI/CD process
○ Should have shorter feedback cycles
● Secure deployment
○ Service-per-host
○ Container level security
● Application level security
○ Authenticating and authorizing the end user
○ Securing channels between microservices
Application Level Security
● Edge Security
○ Authenticating the end user
○ Authorizing the end user against the common policies
● Service To Service Security
○ Share user context securely
○ Authorizing against service-specific policies
Edge Security: API Gateway Pattern
(Diagram: an API Gateway in front of the microservices, each in its own single container. Labelled elements: the user authenticates (<authenticate>) to the Auth Server over OIDC; the gateway receives an access token (at) and performs a Token Exchange with the Auth Server to obtain a jwt, which it passes on to the microservices; each microservice holds a <Trust> relationship with the Auth Server. The steps are numbered 1 to 6.)
Service to Service Security: TLS Mutual Authentication
● Each microservice will have its own certificate to prove its identity
● How do we provision certificates to each microservice?
● How do we deal with certificate revocations?
● How do we deal with trust bootstrap?
● How do we deal with key rotation?
SPIFFE
● Secure Production Identity Framework for Everyone
● SPIFFE tries to solve the trust bootstrap problem in a platform-agnostic manner
● SPIFFE provides an identity to each workload in a microservices deployment, known as the SPIFFE ID
○ E.g.: spiffe://acme.com/billing/payments
● Implementations: SPIRE, Istio
SPIFFE
(Diagram: a Workload on Host A and a Workload on Host B, each talking to its local SPIRE Agent; the agent retrieves the workload's SVID from SPIRE Server A, the workload presents it as proof of identity, and the peer verifies the SVID against SPIRE Server B.)
SPIFFE / SPIRE
(Diagram: a Workload on an EC2 Instance, the SPIRE Agent, the SPIRE Server and the AWS Metadata API, with the attestation and SVID issuance steps numbered 1 to 7.)
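The check a service has to run once SPIFFE answers the trust bootstrap questions above: when an mTLS peer presents its X.509-SVID, verify the chain against the trust bundle and read the SPIFFE ID from the certificate's URI SAN. This is an added example, not code from the slides or from SPIRE; it uses only the Go standard library, the trust domain acme.com and the SPIFFE IDs are constructed, and the in-memory CA stands in for the SPIRE server's bundle.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"strings"
	"time"
)

// ParseSPIFFEID validates an ID such as spiffe://acme.com/billing/payments:
// scheme "spiffe", a non-empty lowercase trust domain with no userinfo, port,
// query or fragment, and path segments that are non-empty and not "." or "..".
func ParseSPIFFEID(id string) (trustDomain, path string, err error) {
	u, err := url.Parse(id)
	if err != nil {
		return "", "", err
	}
	if u.Scheme != "spiffe" || u.Host == "" || u.User != nil || u.Port() != "" ||
		u.RawQuery != "" || u.Fragment != "" || strings.ToLower(u.Host) != u.Host {
		return "", "", fmt.Errorf("malformed SPIFFE ID %q", id)
	}
	if u.Path != "" {
		for _, seg := range strings.Split(strings.TrimPrefix(u.Path, "/"), "/") {
			if seg == "" || seg == "." || seg == ".." {
				return "", "", fmt.Errorf("bad path segment in SPIFFE ID %q", id)
			}
		}
	}
	return u.Host, u.Path, nil
}

// PeerSPIFFEID is the check a service runs on its mTLS peer's certificate: chain to
// the trust bundle, exactly one URI SAN, and a well-formed ID in our own trust domain.
func PeerSPIFFEID(leaf *x509.Certificate, bundle *x509.CertPool, trustDomain string) (string, error) {
	opts := x509.VerifyOptions{Roots: bundle, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", err
	}
	if len(leaf.URIs) != 1 {
		return "", fmt.Errorf("X.509-SVID must carry exactly one URI SAN, got %d", len(leaf.URIs))
	}
	id := leaf.URIs[0].String()
	td, _, err := ParseSPIFFEID(id)
	if err != nil {
		return "", err
	}
	if td != trustDomain {
		return "", fmt.Errorf("peer %s belongs to foreign trust domain %q", id, td)
	}
	return id, nil
}

// mint signs tmpl with parent (self-signed when parent is nil); a stand-in for the SPIRE server/agent.
func mint(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func caTemplate(serial int64, cn string) *x509.Certificate {
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
}

// svidTemplate: a leaf whose only SAN is the workload's SPIFFE ID.
func svidTemplate(serial int64, id string) *x509.Certificate {
	u, _ := url.Parse(id)
	return &x509.Certificate{SerialNumber: big.NewInt(serial), URIs: []*url.URL{u},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
}

func main() {
	// Constructed trust domain acme.com: a bundle CA, an in-domain SVID, and one minted by an unrelated CA.
	ca, caKey := mint(caTemplate(1, "acme.com SPIRE CA"), nil, nil)
	bundle := x509.NewCertPool()
	bundle.AddCert(ca)
	payments, _ := mint(svidTemplate(2, "spiffe://acme.com/billing/payments"), ca, caKey)
	otherCA, otherKey := mint(caTemplate(3, "unrelated CA"), nil, nil)
	unsigned, _ := mint(svidTemplate(4, "spiffe://acme.com/billing/payments"), otherCA, otherKey)
	fmt.Println(PeerSPIFFEID(payments, bundle, "acme.com"))
	fmt.Println(PeerSPIFFEID(unsigned, bundle, "acme.com"))
}
```

Authorization decisions downstream should key on the returned SPIFFE ID, not on the certificate CN or the pod IP, which the slides note can change from pod to pod.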
JWT (JSON Web Token)
● Defines a container to transport data between interested parties
● There are multiple applications of JWT
○ In OpenID Connect the id_token is represented as a JWT
● Propagate one's identity between interested parties
● Propagate user entitlements between interested parties
● Transfer data securely between interested parties over an unsecured channel
● Assert one's identity, given that the recipient of the JWT trusts the asserting party
JWT (JSON Web Token)
JWT (JSON Web Token)
JWS compact serialization (signed JWT), three parts separated by dots:
BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWS Payload) . BASE64URL-ENCODE(JWS Signature)
JWE compact serialization (encrypted JWT), five parts separated by dots:
BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWE Encrypted Key) . BASE64URL-ENCODE(Initialization Vector) . BASE64URL-ENCODE(Ciphertext) . BASE64URL-ENCODE(Authentication Tag)
MicroProfile JWT (MP-JWT)
Access Control
● Interoperable JWT for authentication and authorization
● Introduces 2 new claims to the MP-JWT
○ "upn": A human readable claim that uniquely identifies the subject or user principal of the token
○ "groups": The token subject's group memberships
● Enables Role Based Access Control (RBAC)
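One program that ties together the self-contained access token flow from the OAuth 2.0 slides, the JWS compact serialization shown above, and the MP-JWT "upn" and "groups" claims. This is an added example, not code from the slides or from WSO2 or MicroProfile; it uses only the Go standard library. The authorization-server side mints an RS256 JWT, the resource-server side validates it with nothing but the issuer's public key (the <Trust> arrow, with no introspection round trip), and the service then checks the OAuth scope and the RBAC group. The issuer URL, audience, user and group names are constructed placeholders.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Claims a resource server checks, plus the MP-JWT "upn" and "groups" claims ("aud" as one string; RFC 7519 also allows an array).
type Claims struct {
	Iss    string   `json:"iss"`
	Aud    string   `json:"aud"`
	Exp    int64    `json:"exp"`
	Scope  string   `json:"scope"`
	UPN    string   `json:"upn"`
	Groups []string `json:"groups"`
}

var b64 = base64.RawURLEncoding

// Issue is the authorization-server side: JWS compact serialization
// BASE64URL(header).BASE64URL(payload).BASE64URL(signature), signed with RS256.
func Issue(c Claims, key *rsa.PrivateKey) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(c)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	h := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// Verify is the resource-server side. It needs only the issuer's public key and its
// own expected iss and aud; no introspection round trip. alg is pinned to RS256,
// and the signature is checked before any claim in the payload is trusted.
func Verify(token string, pub *rsa.PublicKey, iss, aud string, now time.Time) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, fmt.Errorf("not a JWS compact serialization")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := b64.DecodeString(p[0]); err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, fmt.Errorf("header malformed or alg is not RS256")
	}
	sig, err := b64.DecodeString(p[2])
	h := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) != nil {
		return nil, fmt.Errorf("signature invalid")
	}
	var c Claims
	if raw, err := b64.DecodeString(p[1]); err != nil || json.Unmarshal(raw, &c) != nil {
		return nil, fmt.Errorf("payload malformed")
	}
	if c.Iss != iss || c.Aud != aud || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, fmt.Errorf("claims rejected: iss=%q aud=%q exp=%d", c.Iss, c.Aud, c.Exp)
	}
	return &c, nil
}

// Authorize is the per-service check: the OAuth scope granted by the resource
// owner and the MP-JWT group (RBAC) that the endpoint requires.
func Authorize(c *Claims, scope, group string) error {
	if !has(strings.Fields(c.Scope), scope) {
		return fmt.Errorf("scope %q not granted", scope)
	}
	if !has(c.Groups, group) {
		return fmt.Errorf("%s is not in group %q", c.UPN, group)
	}
	return nil
}

func has(list []string, want string) bool {
	for _, s := range list {
		if s == want {
			return true
		}
	}
	return false
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed key pair, stands in for the authorization server's
	tok, _ := Issue(Claims{Iss: "https://idp.example", Aud: "payments", Exp: time.Now().Add(time.Minute).Unix(),
		Scope: "payments:read payments:write", UPN: "alice@example", Groups: []string{"finance"}}, key)
	c, err := Verify(tok, &key.PublicKey, "https://idp.example", "payments", time.Now())
	if err == nil {
		err = Authorize(c, "payments:write", "finance")
	}
	fmt.Println("alice may call payments:write:", err == nil)
}
```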
Policy Evaluation (Central PDP)
(Diagram: microservices, each in a single container, receive a jwt and send an authorization request to one central PDP, which returns the authorization response.)
Policy Evaluation (Embedded PDP)
(Diagram: each microservice embeds its own PDP; the PDPs subscribe to a central PAP, which publishes policies to them.)
Open Policy Agent (OPA)
● A lightweight general-purpose policy engine that can be co-located with the service
● Can be integrated as a sidecar, host-level daemon, or library
● Integrated with Spring and Service Mesh implementations (Istio, Linkerd)
Deployment Models
Docker
● Docker allows running multiple services on the same host machine
● Not only exposing a different environment to each of them, but also isolating them from each other
Kubernetes
● Kubernetes abstracts away the hardware infrastructure and exposes your whole deployment as a single, enormous computational resource
● Allows you to easily deploy and manage containerized applications on top of it
Kubernetes (Pods)
(Diagram: Worker Node 1 runs Pods 1 to 3 and Worker Node 2 runs Pods 4 to 6; each pod has its own IP address, e.g. 10.1.0.1, and holds one or more containers.)
Security Sidecar
(Diagram: a single pod holding the microservice and a security sidecar; the sidecar takes care of token handling, the PDP, user info and introspection on the microservice's behalf.)
Summary
● The microservices paradigm introduces a new set of challenges for enforcing security
● Lots of new threats when enforcing application and deployment security in microservices
● API-driven, strong access delegation capabilities are a MUST for microservices-friendly IAM
THANK YOU
wso2.com

 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

Último (20)

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 

Talk Microservices to Me: The Role of IAM in Microservice Architecture

• 1. Talk Microservices to Me: The Role of IAM in Microservices Architecture
Darshana Gunawardana, Technical Lead, WSO2

• 2. Microservices
● The foundation of microservice architecture is about
○ Developing a single application as a collection of small and independent services
○ That run in their own process and are developed and deployed independently
● Provides a focused, scoped and modular approach to application design
● Not just about an architectural pattern
○ Driven by the primary goal: speed to production

• 3. Monolithic Applications
● All the services are deployed in the same application
● The application server itself provides session management
○ All the services can share a user's login status
● The interactions between services are local calls
● Authentication is done centrally at an interceptor
● How the login context is passed along varies from one platform to another

• 4. Traditional Application-level Security
● Authenticating the end user
○ Multiple user repositories
○ Multiple IdPs
● Authorizing the end user
○ Centralized policy enforcement
○ Centralized policy evaluation

• 6. Challenges
● Microservices are independent of each other
○ Each service has to enforce authentication and authorization itself
● Broader attack surface
● Scalability
○ Each service may serve thousands of requests per second
○ There can be hundreds of microservices
● Performance
● Deployment complexities
● Polyglot architecture

• 7. Problem
● Multiple clients need to access secured microservices on behalf of a user

• 9. Solution
● Access delegation based on OAuth 2.0
• 10. OAuth 2.0
Figure: the four OAuth 2.0 roles (Resource Owner, OAuth Client, OAuth Authorization Server, OAuth Resource Server) and their interactions.
● The Resource Owner grants the OAuth Client access to a resource under a provided scope
● The OAuth Client gets a token from the Authorization Server to access the resource on behalf of the resource owner
● The OAuth Client accesses the resource on the Resource Server with that token
● The Resource Server introspects the token with the Authorization Server to check that it is valid (a network call on every request)

• 11. OAuth 2.0 - Self-Contained Access Tokens
Figure: the same flow, with the access token issued as a JWT.
● The Resource Owner grants the OAuth Client access to a resource under a provided scope
● The OAuth Client gets a JWT from the Authorization Server to access the resource on behalf of the resource owner
● The OAuth Client accesses the resource on the Resource Server with that JWT
● The Resource Server validates the JWT locally, relying on its trust relationship with the Authorization Server (the signing key), so no introspection call is needed
• 12. Microservices Security
● Secure development
○ Static and dynamic code analysis to make sure we do not introduce security vulnerabilities at the code level
○ Should be part of the CI/CD process
○ Should have shorter feedback cycles
● Secure deployment
○ Service-per-host
○ Container-level security
● Application-level security
○ Authenticating and authorizing the end user
○ Securing channels between microservices

• 13. Application-level Security
● Edge security
○ Authenticating the end user
○ Authorizing the end user against the common policies
● Service-to-service security
○ Sharing the user context securely
○ Authorizing against service-specific policies
• 18. TLS Mutual Authentication
● Each microservice has its own certificate to prove its identity
● How do we provision certificates to each microservice?
● How do we deal with certificate revocation?
● How do we deal with trust bootstrap?
● How do we deal with key rotation?

• 19. SPIFFE
● Secure Production Identity Framework for Everyone
● SPIFFE tries to solve the trust bootstrap problem in a platform-agnostic manner
● SPIFFE provides an identity to each workload in a microservices deployment, known as the SPIFFE ID
○ E.g. spiffe://acme.com/billing/payments
● Implementations: SPIRE, Istio

• 20. SPIFFE
Figure: two hosts (Host A, Host B), each running a Workload and a SPIRE Agent, backed by SPIRE Server A and SPIRE Server B. A workload presents proof of identity to its local agent and retrieves its SVID; the peer verifies the SVID.

• 21. SPIFFE / SPIRE
Figure: node attestation on AWS, shown as seven numbered steps between the Workload, the SPIRE Agent, the SPIRE Server, the EC2 Instance and the AWS Metadata API (the step labels are not in the transcript).
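What a receiving service does with the identity delivered by slides 18 to 21, as an added example that is not code from the original slides or from the SPIFFE/SPIRE projects: it applies the SPIFFE ID syntax rules (scheme `spiffe`, a lowercase trust domain with no port or userinfo, an optional path of non-empty segments, no query or fragment) and then uses the parsed ID for a service-to-service allow-list check, the step that follows once the peer's SVID has already been verified against the trust bundle during the mTLS handshake. The trust domain `acme.com`, the workload IDs (the slide's `spiffe://acme.com/billing/payments` is reused as one of them) and the allow-list are constructed assumptions.

```python
"""SPIFFE ID parsing and a service-to-service allow-list check.

Added example; not code from the original slides or from SPIFFE/SPIRE.
Trust domain, workload IDs and allow-list are constructed for the example.
"""
import re
from dataclasses import dataclass

_TD_RE = re.compile(r"^[a-z0-9._-]+$")      # trust domain: lowercase only
_SEG_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # allowed path segment characters


@dataclass(frozen=True)
class SpiffeId:
    trust_domain: str
    path: str            # "" for the trust domain itself, otherwise "/a/b"

    def __str__(self) -> str:
        return "spiffe://%s%s" % (self.trust_domain, self.path)


def parse_spiffe_id(uri: str) -> SpiffeId:
    """Validate a SPIFFE ID string, e.g. the URI SAN of an X.509-SVID."""
    if not uri.startswith("spiffe://"):
        raise ValueError("scheme must be spiffe://")
    rest = uri[len("spiffe://"):]
    if "?" in rest or "#" in rest:
        raise ValueError("query and fragment are not allowed")
    td, slash, path = rest.partition("/")
    if not td or "@" in td or ":" in td or not _TD_RE.match(td):
        raise ValueError("invalid trust domain %r" % td)
    if slash:
        # A trailing slash, empty segment, '.' or '..' is rejected so that two
        # different strings can never name the same workload.
        for seg in path.split("/"):
            if not seg or seg in (".", "..") or not _SEG_RE.match(seg):
                raise ValueError("invalid path segment %r" % seg)
    return SpiffeId(td, "/" + path if slash else "")


def is_valid_spiffe_id(uri: str) -> bool:
    try:
        parse_spiffe_id(uri)
        return True
    except ValueError:
        return False


# Constructed allow-list: callee SPIFFE ID -> SPIFFE IDs permitted to call it.
ALLOWED_CALLERS = {
    "spiffe://acme.com/billing/payments": {"spiffe://acme.com/edge/gateway"},
    "spiffe://acme.com/billing/ledger": {"spiffe://acme.com/billing/payments"},
}


def authorize_call(callee_uri: str, peer_uri: str,
                   local_trust_domain: str = "acme.com") -> bool:
    """Decision the callee takes after the mTLS handshake: the SVID proved
    *who* the peer is; the allow-list decides *whether* it may call."""
    try:
        callee = parse_spiffe_id(callee_uri)
        peer = parse_spiffe_id(peer_uri)
    except ValueError:
        return False
    # Identities from another trust domain are rejected unless federation
    # with that domain has been configured explicitly.
    if peer.trust_domain != local_trust_domain:
        return False
    return str(peer) in ALLOWED_CALLERS.get(str(callee), set())


if __name__ == "__main__":
    print(authorize_call("spiffe://acme.com/billing/ledger",
                         "spiffe://acme.com/billing/payments"))   # True
    print(authorize_call("spiffe://acme.com/billing/ledger",
                         "spiffe://evil.com/billing/payments"))   # False
```

The trust-domain comparison is what answers the slide's trust bootstrap question at request time: the handshake only proves the certificate chains to some bundle the agent handed out, so the callee still has to check that the identity belongs to the trust domain it expects before consulting any allow-list. Certificate provisioning, rotation and revocation stay with SPIRE; short-lived SVIDs are what make rotation routine rather than an incident.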
• 22. JWT (JSON Web Token)
● Defines a container to transport data between interested parties
● There are multiple applications of JWT
○ In OpenID Connect the id_token is represented as a JWT
● Propagate one's identity between interested parties
● Propagate user entitlements between interested parties
● Transfer data securely between interested parties over an unsecured channel
● Assert one's identity, given that the recipient of the JWT trusts the asserting party

• 23. JWT (JSON Web Token)
A sample id_token in JWS compact serialization (the three base64url segments, header.payload.signature, are separated by dots):
eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc4YjRjZjIzNjU2ZGMzOTUzNjRmMWI2YzAyOTA3NjkxZjJjZGZmZTEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEwNTAyMjUxMTU4OTIwMTQ3NzMyIiwiYXpwIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJwcmFiYXRoQHdzbzIuY29tIiwiYXRfaGFzaCI6InpmODZ2TnVsc0xCOGdGYXFSd2R6WWciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJ3c28yLmNvbSIsImlhdCI6MTQwMTkwODI3MSwiZXhwIjoxNDAxOTEyMTcxfQ.TVKv-pdyvk2gW8sGsCbsnkqsrS0T-H00xnY6ETkIfgIxfotvFn5IwKm3xyBMpy0FFe0Rb5Ht8AEJV6PdWyxz8rMgX2HROWqSo_RfEfUpBb4iOsq4W28KftW5H0IA44VmNZ6zU4YTqPSt4TPhyFC9fP2D_Hg7JQozpQRUfbWTJI

• 24. JWT (JSON Web Token)
JWS compact serialization (three segments, signed):
BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWS Payload) . BASE64URL-ENCODE(JWS Signature)
JWE compact serialization (five segments, encrypted):
BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWE Encrypted Key) . BASE64URL-ENCODE(Initialization Vector) . BASE64URL-ENCODE(Ciphertext) . BASE64URL-ENCODE(Authentication Tag)
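The self-contained access token flow of slide 11 and the JWS structure of slides 23 and 24, as an added example that is not code from the original slides: the authorization server side builds a JWS in compact serialization, and the resource server side validates it on every request with no introspection call, pinning the algorithm, selecting the key by `kid`, comparing the signature in constant time and only then checking `iss`, `aud`, `exp` and the OAuth 2.0 `scope`. HS256 is used only because the Python standard library has no RSA; the slide's token is RS256-signed, and a real resource server would fetch the authorization server's public key for that `kid` from its JWKS. The issuer, audience, key ring and claims are constructed assumptions.

```python
"""Self-contained access token: issued by the authorization server (AS),
validated locally by the resource server (RS) with no introspection call.

Added example, not code from the original slides. HS256 is used only
because the standard library has no RSA; with RS256 the RS would look up
the AS public key by 'kid'. Issuer, audience, key ring and claims are
constructed for the example.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://as.example.com"    # assumed AS identifier
AUDIENCE = "payments-service"        # assumed RS identifier
# Constructed key ring the RS trusts for this issuer, keyed by 'kid'.
TRUSTED_KEYS = {"k1": b"example-shared-secret-0123456789abcdef"}


class TokenError(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # JWT drops '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, kid: str = "k1", ttl: int = 300, now=None) -> str:
    """AS side: sign the claims with a key the RS trusts (JWS compact form)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    body = dict(claims, iss=ISSUER, aud=AUDIENCE, iat=now, exp=now + ttl)

    def enc(obj) -> str:
        return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

    signing_input = enc(header) + "." + enc(body)
    sig = hmac.new(TRUSTED_KEYS[kid], signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_token(token: str, now=None) -> dict:
    """RS side: run on every request; returns the claims or raises TokenError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:                       # JWS has 3 segments, JWE has 5
        raise TokenError("not a JWS compact serialization")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        sig = b64url_decode(parts[2])
    except ValueError:                        # bad base64url or bad JSON
        raise TokenError("malformed token")
    # Pin the algorithm. Letting the token's own 'alg' pick the verifier is
    # how 'none' and algorithm-swap bypasses work.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg %r" % header.get("alg"))
    key = TRUSTED_KEYS.get(header.get("kid"))
    if key is None:
        raise TokenError("unknown kid")
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise TokenError("bad signature")
    # Only after the signature holds are the claims worth reading.
    if claims.get("iss") != ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("token not meant for this service")
    if now >= claims.get("exp", 0):
        raise TokenError("expired")
    return claims


def has_scope(claims: dict, required: str) -> bool:
    """OAuth 2.0 'scope' is a space-separated list (RFC 6749, section 3.3)."""
    return required in claims.get("scope", "").split()


def handle_request(token: str, required_scope: str, now=None) -> str:
    """Decision the RS takes for one request carrying a bearer token."""
    try:
        claims = verify_token(token, now=now)
    except TokenError as e:
        return "401 %s" % e
    if not has_scope(claims, required_scope):
        return "403 insufficient_scope"
    return "200 sub=%s" % claims["sub"]


if __name__ == "__main__":
    t = issue_token({"sub": "user-42", "scope": "payments:read"}, now=1_700_000_000)
    print(handle_request(t, "payments:read", now=1_700_000_100))   # 200 sub=user-42
    print(handle_request(t, "payments:write", now=1_700_000_100))  # 403 insufficient_scope
    print(handle_request(t, "payments:read", now=1_700_000_400))   # 401 expired
```

The trade-off against slide 10 is visible in `verify_token`: nothing here talks to the authorization server, which is what lets each of the hundreds of services handle thousands of requests per second, but it also means a revoked token stays valid until `exp`, so self-contained tokens should be short-lived.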
• 26. MicroProfile JWT (MP-JWT)
● Interoperable JWT for authentication and authorization
● Introduces two new claims to the MP-JWT
○ "upn": a human-readable claim that uniquely identifies the subject or user principal of the token
○ "groups": the token subject's group memberships
● Enables Role-Based Access Control (RBAC)

• 27. Policy Evaluation (Central PDP)
Figure: each microservice runs in its own container and receives the user's JWT; for every request it sends an authorization request to a single, separately deployed PDP and waits for the authorization response.

• 28. Policy Evaluation (Embedded PDP)
Figure: each microservice's container embeds its own PDP, which subscribes to a central PAP; the PAP publishes policies to all embedded PDPs, so each service decides locally from the JWT without a per-request call.

• 29. Open Policy Agent (OPA)
● A lightweight general-purpose policy engine that can be co-located with the service
● Can be integrated as a sidecar, a host-level daemon, or a library
● Integrated with Spring and with service mesh implementations (Istio, Linkerd)
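The embedded-PDP arrangement of slides 26 to 29, as an added example that is not code from the original slides, MicroProfile or OPA: an MP-JWT style subject (`upn` and `groups` claims) drives role-based decisions in a PDP that lives inside each service, and a PAP pushes versioned policy bundles to every subscribed PDP so no request ever waits on a network hop. The rule format (an action, a resource type, and either a required group or an owner-only condition) is invented for illustration; OPA would express the same rules in Rego. The claims, resources and rules are constructed. The central-PDP variant of slide 27 is the same `decide` call placed behind a remote request.

```python
"""Embedded PDP fed by a PAP, evaluating an MP-JWT style 'upn'/'groups' subject.

Added example; not code from the original slides, MicroProfile or OPA.
Rule format, claims, resources and rules are constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # e.g. "read", "refund"
    resource_type: str           # e.g. "invoice"
    group: Optional[str] = None  # allow if the subject is in this group ...
    owner_only: bool = False     # ... or if the subject owns the resource


@dataclass
class PolicyBundle:
    version: int
    rules: List[Rule]


class EmbeddedPDP:
    """Local decision point: no network call per request, deny by default."""

    def __init__(self) -> None:
        self.bundle = PolicyBundle(version=0, rules=[])

    def on_publish(self, bundle: PolicyBundle) -> None:
        """PAP subscription callback; stale or replayed bundles are ignored."""
        if bundle.version > self.bundle.version:
            self.bundle = bundle

    def decide(self, claims: dict, action: str, resource: dict) -> bool:
        subject = claims.get("upn")          # MP-JWT user principal name
        groups = set(claims.get("groups", []))
        if not subject:
            return False
        for r in self.bundle.rules:
            if r.action != action or r.resource_type != resource.get("type"):
                continue
            if r.group is not None and r.group in groups:
                return True
            if r.owner_only and resource.get("owner") == subject:
                return True
        return False


class PAP:
    """Administration point: the one place policies are authored; pushes a
    new bundle version to every subscribed PDP."""

    def __init__(self) -> None:
        self.subscribers: List[EmbeddedPDP] = []
        self.version = 0

    def subscribe(self, pdp: EmbeddedPDP) -> None:
        self.subscribers.append(pdp)

    def publish(self, rules: List[Rule]) -> int:
        self.version += 1
        bundle = PolicyBundle(self.version, list(rules))
        for pdp in self.subscribers:
            pdp.on_publish(bundle)
        return self.version


def demo() -> dict:
    pap = PAP()
    invoices_pdp, refunds_pdp = EmbeddedPDP(), EmbeddedPDP()  # one PDP per service
    pap.subscribe(invoices_pdp)
    pap.subscribe(refunds_pdp)
    pap.publish([
        Rule("read", "invoice", group="finance"),
        Rule("read", "invoice", owner_only=True),
        Rule("refund", "invoice", group="finance-admin"),
    ])
    alice = {"upn": "alice@example.com", "groups": ["finance"]}   # constructed claims
    bob = {"upn": "bob@example.com", "groups": ["customer"]}
    inv = {"type": "invoice", "id": "inv-1", "owner": "bob@example.com"}
    return {
        "alice_read": invoices_pdp.decide(alice, "read", inv),     # True via group
        "bob_read": invoices_pdp.decide(bob, "read", inv),         # True via ownership
        "alice_refund": refunds_pdp.decide(alice, "refund", inv),  # False: not finance-admin
        "version": refunds_pdp.bundle.version,
    }


if __name__ == "__main__":
    print(demo())
```

The version check in `on_publish` is the part worth keeping when swapping in a real engine: with hundreds of embedded PDPs, an out-of-order or replayed bundle would silently roll one service back to an older policy, so every PDP must only move forward.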
• 31. Docker
● Docker allows running multiple services on the same host machine
● Not only exposing a different environment to each of them, but also isolating them from each other

• 32. Kubernetes
● Kubernetes abstracts away the hardware infrastructure and exposes your whole deployment as a single enormous computational resource
● Allows you to easily deploy and manage containerized applications on top of it

• 33. Kubernetes (Pods)
Figure: two worker nodes (Worker Node 1, Worker Node 2) running Pods 1 to 6; each pod has its own IP address in 10.1.0.0/24 and holds one or more containers.

• 36. Summary
● The microservices paradigm introduces a new set of challenges for enforcing security
● Lots of new threats to deal with when enforcing application and deployment security in microservices
● API-driven, strong access delegation capabilities are a MUST for microservices-friendly IAM