This document summarizes a presentation on microservices security. It begins with the speaker's qualifications and experience in software architecture. It then defines microservices as small, autonomous services that work together. Key benefits of microservices include technology heterogeneity, resilience, scaling, ease of deployment, and organizational alignment. Common design patterns are proxy, chained, and asynchronous messaging. The presentation discusses security approaches for microservices including HTTPS, SAML, OAuth, and API keys. It provides an example use case and discusses microservices principles and deployment considerations.

1. MICRO-SERVICES SECURITY
Aamir Salaam
Presentation on: Oct 21, 2015 @ Cloud Security Alliance Meetup

2. Aamir Salaam – SOAArchitect
1. Qualifications:
• MBA – Entrepreneurship, Santa Clara University
• MS – Computer Science, Golden Gate University
• BS – Computer Science, India
• Stanford University – Advanced Computer Security
2. Experiences:
• 18 yrs total – B2B & B2C Startups; Cisco Systems
• 10 + yrs Software Architecture, EA – Cisco Systems, Services
• SOA / microservices / APIs / API Management

3. Agenda
1. Overview of Microservices
2. Key Patterns
3. Security
4. Q & A

4. What are Microservices?
From book titled “Building Microservices” by Sam Newman:
“Microservices are small, autonomous
services that work together”

5. What are Microservices?
1. Small and Focused on Doing One Thing Well:
• Codebases growing large quickly  similar functions dispersed
• Focus on business boundaries
• How small is small?  focus on services aligned to team structures
2. Autonomous:
• Isolated service  deployed on PAAS (Platform As A Service)
• Inter-service communication via network calls
• APIs

6. Microservices Benefits
1. Technology Heterogeneity
2. Resilience
3. Scaling
4. Ease of Deployment
5. Organizational Alignment
6. Composability
7. Optimizing for Replaceability

7. Key Design Patterns
1. Aggregator / Proxy
2. Chained
3. Async Messaging
and more …

8. Proxy Microservices Pattern

9. Chained Microservices Pattern

10. Asynchronous Microservices Pattern

11. Microservices Security
Service to Service Authentication and Authorization
• HTTPS over Basic Authentication
• SAML or Open ID Connect
• Client Certificates
• HMAC over HTTP
• API Key

12. Use Case
e.g. vulnerableProducts | customer –names | advisorydetails -u

13. Deployment

14. Microservices Principles
Source: Book on “Building Microservices” by Sam Newman, page 248

15. Wrap-Up
1. Microservices are small, focused on one thing doing
well, autonomous services
2. Proxy, Chained, Async Microservices Patterns
3. Security mostly using OAUTH – Client Credentials Flow