SlideShare a Scribd company logo

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

Download as PPTX, PDF
David Brossard
David Brossard

In this presentation delivered at the European Identity Conference, I discuss how externalized dynamic authorization management based on attributes and policies (ABAC and PBAC) have evolved to cater to securing cloud capabilities such as S3, Databricks, and so on.

Technology
1 of 15
EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
© Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
© Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
© Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
© Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
© Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
© Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
© Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
© Axiomatics 2019 - All Rights Reserved Authorization that scales
© Axiomatics 2019 - All Rights Reserved Elastic Authorization
© Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
© Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
© Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
© Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
© Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash

Recommended

Updates from the OASIS XACML Technical Committee - Making Authorization Devel...
Updates from the OASIS XACML Technical Committee - Making Authorization Devel...Updates from the OASIS XACML Technical Committee - Making Authorization Devel...
Updates from the OASIS XACML Technical Committee - Making Authorization Devel...David Brossard
 
Policy enabling your services - using elastic dynamic authorization to contro...
Policy enabling your services - using elastic dynamic authorization to contro...Policy enabling your services - using elastic dynamic authorization to contro...
Policy enabling your services - using elastic dynamic authorization to contro...David Brossard
 
Fine grained access control for cloud-based services using ABAC and XACML
Fine grained access control for cloud-based services using ABAC and XACMLFine grained access control for cloud-based services using ABAC and XACML
Fine grained access control for cloud-based services using ABAC and XACMLDavid Brossard
 
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?David Brossard
 
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...David Brossard
 
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by DesignEIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by DesignDavid Brossard
 
CIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCloudIDSummit
 
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...apidays
 

Recommended

Updates from the OASIS XACML Technical Committee - Making Authorization Devel...
Updates from the OASIS XACML Technical Committee - Making Authorization Devel...Updates from the OASIS XACML Technical Committee - Making Authorization Devel...
Updates from the OASIS XACML Technical Committee - Making Authorization Devel...David Brossard
 
Policy enabling your services - using elastic dynamic authorization to contro...
Policy enabling your services - using elastic dynamic authorization to contro...Policy enabling your services - using elastic dynamic authorization to contro...
Policy enabling your services - using elastic dynamic authorization to contro...David Brossard
 
Fine grained access control for cloud-based services using ABAC and XACML
Fine grained access control for cloud-based services using ABAC and XACMLFine grained access control for cloud-based services using ABAC and XACML
Fine grained access control for cloud-based services using ABAC and XACMLDavid Brossard
 
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?
OWASP Chicago 2016 - What is Attribute Based Access Control (ABAC)?David Brossard
 
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...
OASIS Workshop: Identity, Privacy, and Data Protection in the Cloud – What is...David Brossard
 
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by DesignEIC 2014 Oasis Workshop: Using XACML to implement Privacy by Design
EIC 2014 Oasis Workshop: Using XACML to implement Privacy by DesignDavid Brossard
 
CIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCIS14: The Very Latest in Authorization Standards
CIS14: The Very Latest in Authorization StandardsCloudIDSummit
 
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...
APIdays Helsinki 2019 - „Open Banking in a Box” and why it does not exist, Kr...apidays
 
iPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergenceiPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergenceRaveendra Babu Darsi
 
Software as a Service - Concepts and Implementation
Software as a Service - Concepts and ImplementationSoftware as a Service - Concepts and Implementation
Software as a Service - Concepts and Implementationogglog
 
A Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesA Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesMatt McLarty
 
Automate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpAutomate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpMitchell Pronschinske
 
Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Codit
 
Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Solo.io
 
Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011Teque Eventos
 
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2
 
A Tour of Different API Management Architectures
A Tour of Different API Management ArchitecturesA Tour of Different API Management Architectures
A Tour of Different API Management ArchitecturesNordic APIs
 
Introduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use CasesIntroduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use CasesSynerzip
 
Elastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything ElasticElastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything ElasticElasticsearch
 
Pattern Driven Enterprise Architecture
Pattern Driven Enterprise ArchitecturePattern Driven Enterprise Architecture
Pattern Driven Enterprise ArchitectureWSO2
 
Software As A Service Presentation
Software As A Service PresentationSoftware As A Service Presentation
Software As A Service Presentational95iii
 
HSBC and AWS
HSBC and AWSHSBC and AWS
HSBC and AWSAmazon Web Services
 
Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...Sendachi
 
How to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case StudyHow to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case Studyelastic.io
 
Sonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and MobilitySonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and MobilityIntel Corporation
 
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...apidays
 
M2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaSM2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaSEurotech
 
SaaS computing
SaaS computingSaaS computing
SaaS computingsumaira maqbool
 
The simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by WebscaleThe simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by WebscaleWebscale Networks
 
Unlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentUnlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentMitchell Pronschinske
 

More Related Content

What's hot

iPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergenceiPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergenceRaveendra Babu Darsi
 
Software as a Service - Concepts and Implementation
Software as a Service - Concepts and ImplementationSoftware as a Service - Concepts and Implementation
Software as a Service - Concepts and Implementationogglog
 
A Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesA Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesMatt McLarty
 
Automate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpAutomate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpMitchell Pronschinske
 
Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Codit
 
Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Solo.io
 
Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011Teque Eventos
 
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2
 
A Tour of Different API Management Architectures
A Tour of Different API Management ArchitecturesA Tour of Different API Management Architectures
A Tour of Different API Management ArchitecturesNordic APIs
 
Introduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use CasesIntroduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use CasesSynerzip
 
Elastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything ElasticElastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything ElasticElasticsearch
 
Pattern Driven Enterprise Architecture
Pattern Driven Enterprise ArchitecturePattern Driven Enterprise Architecture
Pattern Driven Enterprise ArchitectureWSO2
 
Software As A Service Presentation
Software As A Service PresentationSoftware As A Service Presentation
Software As A Service Presentational95iii
 
Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...Sendachi
 
How to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case StudyHow to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case Studyelastic.io
 
Sonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and MobilitySonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and MobilityIntel Corporation
 
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...apidays
 
M2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaSM2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaSEurotech
 

What's hot (20)

iPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergenceiPaaS: A platform for Integration technology convergence
iPaaS: A platform for Integration technology convergence
 
Software as a Service - Concepts and Implementation
Software as a Service - Concepts and ImplementationSoftware as a Service - Concepts and Implementation
Software as a Service - Concepts and Implementation
 
A Capability Blueprint for Microservices
A Capability Blueprint for MicroservicesA Capability Blueprint for Microservices
A Capability Blueprint for Microservices
 
Automate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corpAutomate and simplify multi cloud complexity with f5 and hashi corp
Automate and simplify multi cloud complexity with f5 and hashi corp
 
Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017) Integration of Things (Sam Vanhoutte @Iglooconf 2017)
Integration of Things (Sam Vanhoutte @Iglooconf 2017)
 
Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]Service Mesh in the Real World [Raleigh NC Meetup]
Service Mesh in the Real World [Raleigh NC Meetup]
 
Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011Oracle - Seminário Computação em Nuvem 2011
Oracle - Seminário Computação em Nuvem 2011
 
WSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital ConnectorWSO2Con USA 2017: APIs as Your Digital Connector
WSO2Con USA 2017: APIs as Your Digital Connector
 
A Tour of Different API Management Architectures
A Tour of Different API Management ArchitecturesA Tour of Different API Management Architectures
A Tour of Different API Management Architectures
 
Introduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use CasesIntroduction To IPaaS: Drivers, Requirements And Use Cases
Introduction To IPaaS: Drivers, Requirements And Use Cases
 
Elastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything ElasticElastic Cloud: The best way to experience everything Elastic
Elastic Cloud: The best way to experience everything Elastic
 
Pattern Driven Enterprise Architecture
Pattern Driven Enterprise ArchitecturePattern Driven Enterprise Architecture
Pattern Driven Enterprise Architecture
 
Software As A Service Presentation
Software As A Service PresentationSoftware As A Service Presentation
Software As A Service Presentation
 
HSBC and AWS
HSBC and AWSHSBC and AWS
HSBC and AWS
 
Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...Entertainment case study - Scalable and secure cloud delivery framework speed...
Entertainment case study - Scalable and secure cloud delivery framework speed...
 
How to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case StudyHow to Use iPaaS to Scale Your Business - Case Study
How to Use iPaaS to Scale Your Business - Case Study
 
Sonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and MobilitySonoa Cloud Services for Elasticity and Mobility
Sonoa Cloud Services for Elasticity and Mobility
 
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
APIdays Helsinki 2019 - Beyond REST: GraphQL API Management with Amit Acharya...
 
M2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaSM2M Integration Platform as a Service iPaaS
M2M Integration Platform as a Service iPaaS
 
SaaS computing
SaaS computingSaaS computing
SaaS computing
 

Similar to To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

The simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by WebscaleThe simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by WebscaleWebscale Networks
 
Unlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentUnlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentMitchell Pronschinske
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingsuraj bhandari
 
Embracing the Public Cloud with Herb VanHook
Embracing the Public Cloud with Herb VanHookEmbracing the Public Cloud with Herb VanHook
Embracing the Public Cloud with Herb VanHookBMC Software
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013David Linthicum
 
Private cloud in the hybrid era
Private cloud in the hybrid eraPrivate cloud in the hybrid era
Private cloud in the hybrid eraIBM Services
 
Working with Hybrid Clouds and Data Architectures
Working with Hybrid Clouds and Data ArchitecturesWorking with Hybrid Clouds and Data Architectures
Working with Hybrid Clouds and Data ArchitecturesDave McAllister
 
State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014Digital Realty
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native ApplicationsHTS Hosting
 
A Journey to the Cloud with Data Virtualization
A Journey to the Cloud with Data VirtualizationA Journey to the Cloud with Data Virtualization
A Journey to the Cloud with Data VirtualizationDenodo
 
Leverage the Power of the Cloud to Develop Your Next Application.
Leverage the Power of the Cloud to Develop Your Next Application.Leverage the Power of the Cloud to Develop Your Next Application.
Leverage the Power of the Cloud to Develop Your Next Application.HashStudiozTechnolog
 
INTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGINTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGTanmoy Barman
 
Stages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete MigrationStages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete MigrationAmazon Web Services
 
Cloud Computing Ppt
Cloud Computing PptCloud Computing Ppt
Cloud Computing PptAnjoum .
 
Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Chindala Murali
 
Welcome to the Cloud!
Welcome to the Cloud!Welcome to the Cloud!
Welcome to the Cloud!imogokate
 
Applying systems thinking to AWS enterprise application migration
Applying systems thinking to AWS enterprise application migrationApplying systems thinking to AWS enterprise application migration
Applying systems thinking to AWS enterprise application migrationKacy Clarke
 

Similar to To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes (20)

The simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by WebscaleThe simplest cloud migration in the world by Webscale
The simplest cloud migration in the world by Webscale
 
Unlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: DeploymentUnlocking the Cloud Operating Model: Deployment
Unlocking the Cloud Operating Model: Deployment
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
Cloud computing overview
Cloud computing overviewCloud computing overview
Cloud computing overview
 
Embracing the Public Cloud with Herb VanHook
Embracing the Public Cloud with Herb VanHookEmbracing the Public Cloud with Herb VanHook
Embracing the Public Cloud with Herb VanHook
 
Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013Becomming a cloud governance ninja linthicum interop fall 2013
Becomming a cloud governance ninja linthicum interop fall 2013
 
Private cloud in the hybrid era
Private cloud in the hybrid eraPrivate cloud in the hybrid era
Private cloud in the hybrid era
 
Working with Hybrid Clouds and Data Architectures
Working with Hybrid Clouds and Data ArchitecturesWorking with Hybrid Clouds and Data Architectures
Working with Hybrid Clouds and Data Architectures
 
State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014State of the Cloud and Data Centers 2014
State of the Cloud and Data Centers 2014
 
Information on Cloud-native Applications
Information on Cloud-native ApplicationsInformation on Cloud-native Applications
Information on Cloud-native Applications
 
A Journey to the Cloud with Data Virtualization
A Journey to the Cloud with Data VirtualizationA Journey to the Cloud with Data Virtualization
A Journey to the Cloud with Data Virtualization
 
Leverage the Power of the Cloud to Develop Your Next Application.
Leverage the Power of the Cloud to Develop Your Next Application.Leverage the Power of the Cloud to Develop Your Next Application.
Leverage the Power of the Cloud to Develop Your Next Application.
 
Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019Cloud Adoption and Risk Report 2019
Cloud Adoption and Risk Report 2019
 
INTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTINGINTRODUCTION TO CLOUD COMPUTING
INTRODUCTION TO CLOUD COMPUTING
 
Stages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete MigrationStages of Adoption leading to Complete Migration
Stages of Adoption leading to Complete Migration
 
Cloud Computing
Cloud Computing Cloud Computing
Cloud Computing
 
Cloud Computing Ppt
Cloud Computing PptCloud Computing Ppt
Cloud Computing Ppt
 
Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01Cloudcomputingppt 12746363271272 Phpapp01
Cloudcomputingppt 12746363271272 Phpapp01
 
Welcome to the Cloud!
Welcome to the Cloud!Welcome to the Cloud!
Welcome to the Cloud!
 
Applying systems thinking to AWS enterprise application migration
Applying systems thinking to AWS enterprise application migrationApplying systems thinking to AWS enterprise application migration
Applying systems thinking to AWS enterprise application migration
 

More from David Brossard

Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...
Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...
Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...David Brossard
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...David Brossard
 
The Holy Grail of IAM: Getting to Grips with Authorization
The Holy Grail of IAM: Getting to Grips with AuthorizationThe Holy Grail of IAM: Getting to Grips with Authorization
The Holy Grail of IAM: Getting to Grips with AuthorizationDavid Brossard
 
OpenID AuthZEN ALFA PEP-PDP Prior Art
OpenID AuthZEN ALFA PEP-PDP Prior ArtOpenID AuthZEN ALFA PEP-PDP Prior Art
OpenID AuthZEN ALFA PEP-PDP Prior ArtDavid Brossard
 
OpenID Foundation AuthZEN WG Update
OpenID Foundation AuthZEN WG UpdateOpenID Foundation AuthZEN WG Update
OpenID Foundation AuthZEN WG UpdateDavid Brossard
 
Why lasagna is better than spaghetti: baking authorization into your applicat...
Why lasagna is better than spaghetti: baking authorization into your applicat...Why lasagna is better than spaghetti: baking authorization into your applicat...
Why lasagna is better than spaghetti: baking authorization into your applicat...David Brossard
 
Authorization - it's not just about who you are
Authorization - it's not just about who you areAuthorization - it's not just about who you are
Authorization - it's not just about who you areDavid Brossard
 
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...David Brossard
 
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...David Brossard
 
XACML - Fight For Your Love
XACML - Fight For Your LoveXACML - Fight For Your Love
XACML - Fight For Your LoveDavid Brossard
 

More from David Brossard (10)

Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...
Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...
Internet Identity Workshop IIW 2023 - Introduction to ALFA Authorization Lang...
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs - Nordi...
 
The Holy Grail of IAM: Getting to Grips with Authorization
The Holy Grail of IAM: Getting to Grips with AuthorizationThe Holy Grail of IAM: Getting to Grips with Authorization
The Holy Grail of IAM: Getting to Grips with Authorization
 
OpenID AuthZEN ALFA PEP-PDP Prior Art
OpenID AuthZEN ALFA PEP-PDP Prior ArtOpenID AuthZEN ALFA PEP-PDP Prior Art
OpenID AuthZEN ALFA PEP-PDP Prior Art
 
OpenID Foundation AuthZEN WG Update
OpenID Foundation AuthZEN WG UpdateOpenID Foundation AuthZEN WG Update
OpenID Foundation AuthZEN WG Update
 
Why lasagna is better than spaghetti: baking authorization into your applicat...
Why lasagna is better than spaghetti: baking authorization into your applicat...Why lasagna is better than spaghetti: baking authorization into your applicat...
Why lasagna is better than spaghetti: baking authorization into your applicat...
 
Authorization - it's not just about who you are
Authorization - it's not just about who you areAuthorization - it's not just about who you are
Authorization - it's not just about who you are
 
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...
XACML in five minutes: excerpt from Catalyst 2013 panel "New school identity ...
 
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
XACML for Developers - Updates, New Tools, & Patterns for the Eager #IAM Deve...
 
XACML - Fight For Your Love
XACML - Fight For Your LoveXACML - Fight For Your Love
XACML - Fight For Your Love
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

To the cloud and beyond: delivering policy-driven authorization for cloud applications and data lakes

  • 1. EIC 2019 - To the Cloud and Beyond Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes David Brossard VP Customer Relations | IDPro Founding Member | OASIS XACML Member
  • 2. © Axiomatics 2019 - All Rights Reserved Enterprises are all going to cloud Photo by Dallas Reedy on Unsplash
  • 3. © Axiomatics 2019 - All Rights Reserved 3Photo by Elvir K on Unsplash One approach is shift and lift (business as usual – you just run on cloud metal)
  • 4. © Axiomatics 2019 - All Rights Reserved 4Photo by Daniel McCullough on Unsplash Another is design from scratch (leverage cloud capabilities – PaaS – containers)
  • 5. © Axiomatics 2019 - All Rights Reserved 5 Technology Trends To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes ⁃ Architectures ⁃ APIs everywhere ⁃ Microservices, service mesh ⁃ Serverless, event-driven ⁃ Development paradigms ⁃ Distributed applications built by small independent teams ⁃ DevSecOps ⁃ Cloud deployment ⁃ Hybrid clouds ⁃ Migration & repatriation ⁃ Data in the cloud ⁃ Serverless relational databases and data warehouses ⁃ Managed Hadoop services ⁃ Extreme scale to many ⁃ Applications and microservices ⁃ Devices ⁃ Data records ⁃ Users and teams ⁃ Regulations
  • 6. © Axiomatics 2019 - All Rights Reserved 6Photo by Harshal Desai on Unsplash Dynamic Authorization Decide at runtime – make the right decision Applicable to Applications, APIs, Microservices, Databases and Big Data
  • 7. © Axiomatics 2019 - All Rights Reserved 7 ⁃ Run-time access control model whereby access to information resources is enforced through the evaluation of policies in an externalized and centralized authorization solution ⁃ Access to functions, transactions and data is enforced through contextual attributes that consider the who, what, when, where, how and why of an access request Dynamic Authorization Management To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  • 8. © Axiomatics 2019 - All Rights Reserved Authorization as a reusable building block
  • 9. © Axiomatics 2019 - All Rights Reserved Authorization that scales
  • 10. © Axiomatics 2019 - All Rights Reserved Elastic Authorization
  • 11. © Axiomatics 2019 - All Rights Reserved Policy-Based Authorization (Use ALFA – the abbreviated language for AuthZ) Photo by Helloquence on Unsplash
  • 12. © Axiomatics 2019 - All Rights Reserved Authorization as a sidecar / microservice
  • 13. © Axiomatics 2019 - All Rights Reserved Cloud-Native Authorization (the twelve-factor app)
  • 14. © Axiomatics 2019 - All Rights Reserved 14 ⁃ An implementation that follows the twelve-factor app ⁃ Authorization that can be containerized natively ⁃ Docker ⁃ Authorization that can be orchestrated by the cloud ⁃ Kubernetes ⁃ Authorization that can run in any major cloud platform ⁃ AWS – leverage AWS Beanstalk ⁃ GCP ⁃ Azure ⁃ Pivotal… Cloud Native Authorization To the Cloud and Beyond: Delivering Policy-Driven Authorization for Cloud Applications and Data Lakes
  • 15. © Axiomatics 2019 - All Rights Reserved Protect multiple endpoints (PaaS / SaaS) (Databricks, S3, AWS RDS…) Photo by Rock'n Roll Monkey on Unsplash

Editor's Notes

  1. Everyone is moving to the cloud
  2. I. Codebase One codebase tracked in revision control, many deploys II. Dependencies Explicitly declare and isolate dependencies III. Config Store config in the environment IV. Backing services Treat backing services as attached resources V. Build, release, run Strictly separate build and run stages VI. Processes Execute the app as one or more stateless processes VII. Port binding Export services via port binding VIII. Concurrency Scale out via the process model IX. Disposability Maximize robustness with fast startup and graceful shutdown X. Dev/prod parity Keep development, staging, and production as similar as possible XI. Logs Treat logs as event streams XII. Admin processes Run admin/management tasks as one-off processes