SlideShare a Scribd company logo

Distributed Authorization with Open Policy Agent (OPA

apidays
apidays

apidays Helsinki & North 2023 API Ecosystems - Connecting Physical and Digital June 5 & 6, 2023 API authorization with Open Policy Agent Anders Eknert, Developer Advocate at Styra ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Data & Analytics
1 of 47
Download to read offline
Distributed Authorization with Open Policy Agent API Days, Helsinki, 2023 Anders Eknert
Anders Eknert ● Developer advocate at ● Software development ● Background in identity systems ● Three years into OPA ● Cooking and food ● Football anderseknert anderseknert anderseknert anderseknert@hachyderm.io
Problem: How do we do authorization in distributed APIs?
Answer: It’s complicated
The evolution of identity
From monolith Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
To microservices Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
To microservices Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
The evolution of identity Application Data Permissions Users credentials ● The application handles everything - including authentication and access control. The user authenticates in the application, a session is established, access control performed in code, commonly with a database serving permission data. ● In the distributed application, authentication is delegated elsewhere. ● But up until now, access control has remained pretty much the same, in code, with a database serving permission data per request. Monolith architecture
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data credentials credentials credentials credentials credentials credentials Naive monolith architecture using microservices
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data credentials credentials credentials credentials credentials credentials Naive monolith architecture using microservices
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token credentials Slightly less naive monolith architecture using microservices Rather than passing around credentials, we exchange them for tokens
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices Everyone wants a token!
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices So.. how are these tokens obtained?
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token OAuth2 Defines a set of flows for users (interactive flows) and clients (non-interactive) to authenticate at the authorization server in order to obtain access tokens for use as credentials to services. Does not detail what an access token should look like. Despite labeled an “authorization framework” provides little in terms of authorization - rather about delegation. Scopes provide basic boundaries for where an access token may be used. Commonly used for external identity providers, “social login”, etc.
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token JSON Web Tokens (JWTs) A JWT is a signed self-contained collection of claims, i.e. attributes claimed to be true. Tokens are created by an issuer. Claims often (but not always) provided by the backing identity provider. Expiry time (and other standard attributes) of JWT included in payload. JWTs are immutable - no claim may be changed without breaking signature verification. JWTs are everywhere - libraries for both encoding and decoding available for all languages and platforms.
Distributed identity, solved ☑ Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens
Great, now do authorization
The evolution of access control
Distributed Authorization? Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Naive model — authorization logic embedded in application code, querying database for permissions
So, where should we do authorization?
Gateway Model Gateway Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization performed at perimeter of environment ● Fast! ● Single point of failure ● Insecure ● External dependency
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization — just like identity — must be verified in each service. Make no assumptions. ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
Great, we’re back where we started
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens How do we make it better? ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Remove online dependency for permissions data, store copy in applications ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization still hardcoded in applications — changes are cumbersome, coordination between teams required, very hard to audit ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens
● Open source general purpose policy engine ● Unified toolset and framework for policy across the stack ● Decouples policy from application logic ● Separates policy decision from enforcement ● Policies written in declarative language Rego ● Popular use cases ranging from kubernetes admission control, microservice authorization, infrastructure, data source filtering, to CI/CD pipeline policies and many more.
Policy decision model Service OPA Policy (Rego) Data (JSON) Request Policy Decision Policy Query Input can be ANY JSON value Output can be ANY JSON value Request Policy Decision Linux PAM
Deployment model ● OPA runs as a lightweight self-contained server binary ● OPA ideally deployed as close to service as possible. This usually means running on the same host, either as a daemon or in a sidecar deployment ● Applications communicate with the OPA server through its REST API ● Go library available for Go applications ● Envoy/Istio based applications. Wasm, Intermediate Representation (IR), more...
Policy authoring and Rego ● Rego — declarative high-level policy language used by OPA. ● Policy consists of any number of rules. ● Rules commonly return true/false but may return any type available in JSON, like strings, lists and objects. ● Policy testing is easy with provided unit test framework. ● Well documented! https://www.openpolicyagent.org/docs/latest/ ● Try it out! https://play.openpolicyagent.org/
Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Decisions delegated to OPA — unified authorization across the stack, with policy decoupled from application logic ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
Distributed authorization, solved ☑ Service Users Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Permissions Control Plane Policies
Distributed authorization, solved ☑ Service Users Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Permissions Policies
Distributed authorization solved!
Getting started ● Start small – write a few simple policies and tests. ● Browse the OPA documentation. Get a feel for the basics and the built-ins. ● Consider possible applications near to you - previous apps and libraries you’ve worked with. Consider the informal policies it dealt with. ● Delegate policy responsibilities to OPA. Again, start small! Perhaps a single endpoint to begin somewhere. Deploy and build experience. ● Scale up - management capabilities, logging, bundle server - Styra DAS! ● Styra Academy ● Join the OPA Slack community!
Questions?
Thank you!

Recommended

Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfNordic APIs
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Securing FIWARE Architectures
Securing FIWARE ArchitecturesSecuring FIWARE Architectures
Securing FIWARE ArchitecturesFIWARE
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Donald Malloy
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
Blockchain Explored: A technical deep-dive
Blockchain Explored: A technical deep-diveBlockchain Explored: A technical deep-dive
Blockchain Explored: A technical deep-diveBinh Nguyen
 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Hitachi, Ltd. OSS Solution Center.
 

Recommended

Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfNordic APIs
 
Presentation
PresentationPresentation
PresentationLaxman Kumar
 
Securing FIWARE Architectures
Securing FIWARE ArchitecturesSecuring FIWARE Architectures
Securing FIWARE ArchitecturesFIWARE
 
Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Cartes Asia Dem 2010 V2
Cartes Asia Dem 2010 V2Donald Malloy
 
JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...JDD2015: Security in the era of modern applications and services - Bolesław D...
JDD2015: Security in the era of modern applications and services - Bolesław D...PROIDEA
 
Blockchain Explored: A technical deep-dive
Blockchain Explored: A technical deep-diveBlockchain Explored: A technical deep-dive
Blockchain Explored: A technical deep-diveBinh Nguyen
 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Hitachi, Ltd. OSS Solution Center.
 
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudVMware Tanzu
 
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIsWSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIsWSO2
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringVMware Tanzu
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.Kellton Tech Solutions Ltd
 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018MOnCloud
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
HTTP Authorization using OPA
HTTP Authorization using OPAHTTP Authorization using OPA
HTTP Authorization using OPAKnoldus Inc.
 
Access management
Access managementAccess management
Access managementVenkatesh Jambulingam
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureLucian Neghina
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
Keystone Federation
Keystone Federation Keystone Federation
Keystone Federation openstackindia
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
Cloud Identity Management
Cloud Identity ManagementCloud Identity Management
Cloud Identity ManagementDamian T. Gordon
 
Policy Based Approach To Runtime Governace
Policy Based Approach To Runtime GovernacePolicy Based Approach To Runtime Governace
Policy Based Approach To Runtime GovernaceMichiel.Kemperman
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...NCCOMMS
 
apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...apidays
 
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile APIapidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile APIapidays
 

More Related Content

Similar to Distributed Authorization with Open Policy Agent (OPA

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityCA API Management
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice ArchitectureMatt McLarty
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudVMware Tanzu
 
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIsWSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIsWSO2
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringVMware Tanzu
 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018MOnCloud
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 
HTTP Authorization using OPA
HTTP Authorization using OPAHTTP Authorization using OPA
HTTP Authorization using OPAKnoldus Inc.
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureLucian Neghina
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityMark Diodati
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellCA API Management
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based AuthenticationMohammad Yousri
 
Policy Based Approach To Runtime Governace
Policy Based Approach To Runtime GovernacePolicy Based Approach To Runtime Governace
Policy Based Approach To Runtime GovernaceMichiel.Kemperman
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...NCCOMMS
 

Similar to Distributed Authorization with Open Policy Agent (OPA (20)

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker IdentityFederation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity
 
API Security in a Microservice Architecture
API Security in a Microservice ArchitectureAPI Security in a Microservice Architecture
API Security in a Microservice Architecture
 
WSO2 Identity Server - Product Overview
WSO2 Identity Server - Product OverviewWSO2 Identity Server - Product Overview
WSO2 Identity Server - Product Overview
 
Securing Microservices in Hybrid Cloud
Securing Microservices in Hybrid CloudSecuring Microservices in Hybrid Cloud
Securing Microservices in Hybrid Cloud
 
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIsWSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
WSO2Con EU 2015: Securing, Monitoring and Monetizing APIs
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
API Security with OAuth2.0.
API Security with OAuth2.0.API Security with OAuth2.0.
API Security with OAuth2.0.
 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 
HTTP Authorization using OPA
HTTP Authorization using OPAHTTP Authorization using OPA
HTTP Authorization using OPA
 
Access management
Access managementAccess management
Access management
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
 
Five Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern IdentityFive Things You Gotta Know About Modern Identity
Five Things You Gotta Know About Modern Identity
 
Keystone Federation
Keystone Federation Keystone Federation
Keystone Federation
 
OAuth in the Real World featuring Webshell
OAuth in the Real World featuring WebshellOAuth in the Real World featuring Webshell
OAuth in the Real World featuring Webshell
 
Understanding Claim based Authentication
Understanding Claim based AuthenticationUnderstanding Claim based Authentication
Understanding Claim based Authentication
 
Cloud Identity Management
Cloud Identity ManagementCloud Identity Management
Cloud Identity Management
 
Policy Based Approach To Runtime Governace
Policy Based Approach To Runtime GovernacePolicy Based Approach To Runtime Governace
Policy Based Approach To Runtime Governace
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-Infrastructures
 
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
SPCA2013 - It’s Me, and Here’s My ProofIdentity & Authentication in SharePoin...
 

More from apidays

apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...apidays
 
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile APIapidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile APIapidays
 
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wiseapidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wiseapidays
 
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Venturesapidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Venturesapidays
 
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...apidays
 
apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...apidays
 
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...apidays
 
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...apidays
 
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays
 
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...apidays
 
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartnerapidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartnerapidays
 
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...apidays
 
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...apidays
 
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IOApidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IOapidays
 
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...apidays
 
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...apidays
 
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...apidays
 
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...apidays
 
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...apidays
 
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...apidays
 

More from apidays (20)

apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...apidays Australia 2023 - A programmatic approach to API success including Ope...
apidays Australia 2023 - A programmatic approach to API success including Ope...
 
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile APIapidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
apidays Singapore 2023 - Addressing the Data Gap, Jerome Eger, Smile API
 
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wiseapidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
apidays Singapore 2023 - Iterate Faster with Dynamic Flows, Yee Hui Poh, Wise
 
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Venturesapidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
apidays Singapore 2023 - Banking the Ecosystem, Apurv Suri, SC Ventures
 
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
apidays Singapore 2023 - Digitalising agreements with data, design & technolo...
 
apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...apidays Singapore 2023 - Building a digital-first investment management model...
apidays Singapore 2023 - Building a digital-first investment management model...
 
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
apidays Singapore 2023 - Changing the culture of building software, Aman Dham...
 
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
apidays Singapore 2023 - Connecting the trade ecosystem, CHOO Wai Yee, Singap...
 
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBMapidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
apidays Singapore 2023 - Beyond REST, Claudio Tag, IBM
 
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
 
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartnerapidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
apidays Singapore 2023 - State of the API Industry, Manjunath Bhat, Gartner
 
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
apidays Australia 2023 - Curb your Enthusiasm:Sustainable Scaling of APIs, Sa...
 
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
Apidays Paris 2023 - API Security Challenges for Cloud-native Software Archit...
 
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IOApidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
Apidays Paris 2023 - State of Tech Sustainability 2023, Gaël Duez, Green IO
 
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
Apidays Paris 2023 - 7 Mistakes When Putting In Place An API Program, Francoi...
 
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
Apidays Paris 2023 - Building APIs That Developers Love: Feedback Collection ...
 
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
Apidays Paris 2023 - Product Managers and API Documentation, Gareth Faull, Lo...
 
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
Apidays Paris 2023 - How to use NoCode as a Microservice, Benjamin Buléon and...
 
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
Apidays Paris 2023 - Boosting Event-Driven Development with AsyncAPI and Micr...
 
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
Apidays Paris 2023 - API Observability: Improving Governance, Security and Op...
 

Recently uploaded

Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceCall Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceSapana Sha
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130Suhani Kapoor
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...Pooja Nehwal
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPramod Kumar Srivastava
 
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfgstagge
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Callshivangimorya083
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 
Spark3's new memory model/management
Spark3's new memory model/managementSpark3's new memory model/management
Spark3's new memory model/managementakshesh doshi
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...soniya singh
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationshipsccctableauusergroup
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdfHuman37
 
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...shivangimorya083
 

Recently uploaded (20)

Call Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts ServiceCall Girls In Mahipalpur O9654467111 Escorts Service
Call Girls In Mahipalpur O9654467111 Escorts Service
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
 
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
VIP Call Girls Service Miyapur Hyderabad Call +91-8250192130
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
 
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptxPKS-TGC-1084-630 - Stage 1 Proposal.pptx
PKS-TGC-1084-630 - Stage 1 Proposal.pptx
 
RadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdfRadioAdProWritingCinderellabyButleri.pdf
RadioAdProWritingCinderellabyButleri.pdf
 
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
Deep Generative Learning for All - The Gen AI Hype (Spring 2024)
 
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
꧁❤ Greater Noida Call Girls Delhi ❤꧂ 9711199171 ☎️ Hard And Sexy Vip Call
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls CP 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 
Spark3's new memory model/management
Spark3's new memory model/managementSpark3's new memory model/management
Spark3's new memory model/management
 
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
High Class Call Girls Noida Sector 39 Aarushi 🔝8264348440🔝 Independent Escort...
 
04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships04242024_CCC TUG_Joins and Relationships
04242024_CCC TUG_Joins and Relationships
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf20240419 - Measurecamp Amsterdam - SAM.pdf
20240419 - Measurecamp Amsterdam - SAM.pdf
 
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...
Full night 🥵 Call Girls Delhi New Friends Colony {9711199171} Sanya Reddy ✌️o...
 

Distributed Authorization with Open Policy Agent (OPA

  • 1. Distributed Authorization with Open Policy Agent API Days, Helsinki, 2023 Anders Eknert
  • 2.
  • 3. Anders Eknert ● Developer advocate at ● Software development ● Background in identity systems ● Three years into OPA ● Cooking and food ● Football anderseknert anderseknert anderseknert anderseknert@hachyderm.io
  • 4. Problem: How do we do authorization in distributed APIs?
  • 6. The evolution of identity
  • 7. From monolith Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
  • 8. To microservices Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
  • 9. To microservices Authentication Authorization Data Access Business logic Orchestration Data Access Data Access Business logic Business logic User interface
  • 10. The evolution of identity Application Data Permissions Users credentials ● The application handles everything - including authentication and access control. The user authenticates in the application, a session is established, access control performed in code, commonly with a database serving permission data. ● In the distributed application, authentication is delegated elsewhere. ● But up until now, access control has remained pretty much the same, in code, with a database serving permission data per request. Monolith architecture
  • 11. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data credentials credentials credentials credentials credentials credentials Naive monolith architecture using microservices
  • 12. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data credentials credentials credentials credentials credentials credentials Naive monolith architecture using microservices
  • 13. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token credentials Slightly less naive monolith architecture using microservices Rather than passing around credentials, we exchange them for tokens
  • 14. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices Everyone wants a token!
  • 15. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices So.. how are these tokens obtained?
  • 16. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token Slightly less naive monolith architecture using microservices
  • 17. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token OAuth2 Defines a set of flows for users (interactive flows) and clients (non-interactive) to authenticate at the authorization server in order to obtain access tokens for use as credentials to services. Does not detail what an access token should look like. Despite labeled an “authorization framework” provides little in terms of authorization - rather about delegation. Scopes provide basic boundaries for where an access token may be used. Commonly used for external identity providers, “social login”, etc.
  • 18. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
  • 19. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
  • 20. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
  • 21. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
  • 22. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token
  • 23. The evolution of identity Service Users Permissions Service Service Service Service Data Service Data Data Identity system token token token token token token token JSON Web Tokens (JWTs) A JWT is a signed self-contained collection of claims, i.e. attributes claimed to be true. Tokens are created by an issuer. Claims often (but not always) provided by the backing identity provider. Expiry time (and other standard attributes) of JWT included in payload. JWTs are immutable - no claim may be changed without breaking signature verification. JWTs are everywhere - libraries for both encoding and decoding available for all languages and platforms.
  • 24. Distributed identity, solved ☑ Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens
  • 25. Great, now do authorization
  • 26. The evolution of access control
  • 27. Distributed Authorization? Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Naive model — authorization logic embedded in application code, querying database for permissions
  • 28. So, where should we do authorization?
  • 29. Gateway Model Gateway Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization performed at perimeter of environment ● Fast! ● Single point of failure ● Insecure ● External dependency
  • 30. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization — just like identity — must be verified in each service. Make no assumptions. ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
  • 31. Great, we’re back where we started
  • 32. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens How do we make it better? ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
  • 33. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Remove online dependency for permissions data, store copy in applications ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
  • 34. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Authorization still hardcoded in applications — changes are cumbersome, coordination between teams required, very hard to audit ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
  • 35. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens
  • 36. ● Open source general purpose policy engine ● Unified toolset and framework for policy across the stack ● Decouples policy from application logic ● Separates policy decision from enforcement ● Policies written in declarative language Rego ● Popular use cases ranging from kubernetes admission control, microservice authorization, infrastructure, data source filtering, to CI/CD pipeline policies and many more.
  • 37.
  • 38. Policy decision model Service OPA Policy (Rego) Data (JSON) Request Policy Decision Policy Query Input can be ANY JSON value Output can be ANY JSON value Request Policy Decision Linux PAM
  • 39. Deployment model ● OPA runs as a lightweight self-contained server binary ● OPA ideally deployed as close to service as possible. This usually means running on the same host, either as a daemon or in a sidecar deployment ● Applications communicate with the OPA server through its REST API ● Go library available for Go applications ● Envoy/Istio based applications. Wasm, Intermediate Representation (IR), more...
  • 40. Policy authoring and Rego ● Rego — declarative high-level policy language used by OPA. ● Policy consists of any number of rules. ● Rules commonly return true/false but may return any type available in JSON, like strings, lists and objects. ● Policy testing is easy with provided unit test framework. ● Well documented! https://www.openpolicyagent.org/docs/latest/ ● Try it out! https://play.openpolicyagent.org/
  • 41. Zero Trust Model Service Users Permissions Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Decisions delegated to OPA — unified authorization across the stack, with policy decoupled from application logic ● Slow ● Single point of failure ● Secure ● External dependency ● Authorization embedded in business logic
  • 42. Distributed authorization, solved ☑ Service Users Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Permissions Control Plane Policies
  • 43. Distributed authorization, solved ☑ Service Users Service Service Service Service Data Service Data Data Identity system Token/JWT JWT JWT JWT Token/JWT JWT JWT JSON Web Tokens Permissions Policies
  • 45. Getting started ● Start small – write a few simple policies and tests. ● Browse the OPA documentation. Get a feel for the basics and the built-ins. ● Consider possible applications near to you - previous apps and libraries you’ve worked with. Consider the informal policies it dealt with. ● Delegate policy responsibilities to OPA. Again, start small! Perhaps a single endpoint to begin somewhere. Deploy and build experience. ● Scale up - management capabilities, logging, bundle server - Styra DAS! ● Styra Academy ● Join the OPA Slack community!