SlideShare a Scribd company logo

Cloud design patterns - Federated Identity & Gatekeeper

Download as PPTX, PDF
Roger Chien
Roger Chien

This is short slides about federated identity and gatekeeper pattern. The source is from "Cloud design patterns" by Microsoft.

Technology
1 of 10
Presented by: Roger Chien Mar 2014 Content is from “Cloud design patterns – perspective architecture guidance for cloud applications”, by Microsoft. Cloud Design Patterns Federated Identity & Gatekeeper Pattern
Federated Identity Pattern  Delegate authentication to external identity provider  LDAP inAAA.  Eliminates the need of multiple login credentials for every service. (e.g. Open-ID)  More easily for privilege management. (people leave and fine grain control)  Application and services can save the overhead of identity management.
Federated Identity Pattern Could be chain of trust In STS.
Federated Identity Pattern - Issues  Can be single point of failure.  Need fine grain control for features & resources via Role based access control (RBAC).  Need to maintain user information for claim based authentication (thru registration)  If there is multiple STS, have to deal with sign-in redirection.
Federated Identity Pattern - Example  User in large enterprise to use SaaS application onWindowsAzure.
Gatekeeper Pattern  Using a dedicated host instance that acts as a broker between clients and applications/services, validates and sanitizes requests and passes requests and data between them.  Add another layer of security and reduce attack surface.  Fit for:  Applications that handle sensitive information, expose services that must have high a degree of protection from malicious attacks, or perform mission-critical operations that must not be disrupted.  Distributed applications where it is necessary to perform request validation separately from the main tasks, or to centralize this validation to simplify maintenance and administration.
Gatekeeper Pattern
Gatekeeper Pattern  Controlled validation: validates all requests and rejects those didn’t meet requirement.  Limited risk and exposure: Gatekeeper itself is not access to credentials and keys. If gatekeeper is compromised, those information are not exposed.  Appropriate security: Run gatekeeper in a limited privilege mode.  Gatekeeper is actually an application firewall.
Gatekeeper Pattern - Issues  The trusted nodes only expose necessary interfaces to Gatekeeper.  Run in limited privilege mode (Gatekeeper and trusted nodes are in separated hosted services orVM)  Gatekeeper only do validation and sanitization, not touch any processing related to services/applications.  Secure channel (SSL/TLS/HTTPS) is required for communication between Gatekeeper & trusted nodes.  Performance impact.  Could be single point of failure.
Gatekeeper Pattern - Example

Recommended

Concept of SOA
Concept of SOAConcept of SOA
Concept of SOASylvain Witmeyer
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureSandeep Ganji
 
Introduction To Microservices
Introduction To MicroservicesIntroduction To Microservices
Introduction To MicroservicesLalit Kale
 
Microservice Architecture 101
Microservice Architecture 101Microservice Architecture 101
Microservice Architecture 101Kochih Wu
 
Cloud computing architecture
Cloud computing architectureCloud computing architecture
Cloud computing architecturemeenalkakkar
 
Service Oriented Architecture (SOA)
Service Oriented Architecture (SOA)Service Oriented Architecture (SOA)
Service Oriented Architecture (SOA)Biniam Asnake
 
#MSDEVMTL Introduction à #SonarQube
#MSDEVMTL Introduction à #SonarQube#MSDEVMTL Introduction à #SonarQube
#MSDEVMTL Introduction à #SonarQubeVincent Biret
 
Microservicios
MicroserviciosMicroservicios
MicroserviciosJoan Sebastián Ramírez Pérez
 

Recommended

Concept of SOA
Concept of SOAConcept of SOA
Concept of SOASylvain Witmeyer
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureSandeep Ganji
 
Introduction To Microservices
Introduction To MicroservicesIntroduction To Microservices
Introduction To MicroservicesLalit Kale
 
Microservice Architecture 101
Microservice Architecture 101Microservice Architecture 101
Microservice Architecture 101Kochih Wu
 
Cloud computing architecture
Cloud computing architectureCloud computing architecture
Cloud computing architecturemeenalkakkar
 
Service Oriented Architecture (SOA)
Service Oriented Architecture (SOA)Service Oriented Architecture (SOA)
Service Oriented Architecture (SOA)Biniam Asnake
 
#MSDEVMTL Introduction à #SonarQube
#MSDEVMTL Introduction à #SonarQube#MSDEVMTL Introduction à #SonarQube
#MSDEVMTL Introduction à #SonarQubeVincent Biret
 
Microservicios
MicroserviciosMicroservicios
MicroserviciosJoan Sebastián Ramírez Pérez
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesAmazon Web Services
 
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...Edureka!
 
شرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربيشرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربيMohamed Galal
 
Mulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integracionesMulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integracionesLarry Magallanes
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt Technology Services
 
Microservices Best Practices
Microservices Best PracticesMicroservices Best Practices
Microservices Best PracticesAliasgar Muchhala
 
What Is Serverless Computing
What Is Serverless ComputingWhat Is Serverless Computing
What Is Serverless ComputingCapital Numbers
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureAbdelghani Azri
 
VMs vs. Containers.pdf
VMs vs. Containers.pdfVMs vs. Containers.pdf
VMs vs. Containers.pdfSimform
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureSyed Mustafa
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to MicroservicesAmazon Web Services
 
SOA
SOASOA
SOAIndeevari Ramanayake
 
Azure fundamentals-170910113238
Azure fundamentals-170910113238Azure fundamentals-170910113238
Azure fundamentals-170910113238ScottSmith574468
 
Introduction to SOA
Introduction to SOAIntroduction to SOA
Introduction to SOAsaeed shargi ghazani
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureMateus Prado
 
Introduction to serverless compute with azure functions
Introduction to serverless compute with azure functionsIntroduction to serverless compute with azure functions
Introduction to serverless compute with azure functionsCallon Campbell
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsAraf Karsh Hamid
 
Manual co detector-popp_en
Manual co detector-popp_enManual co detector-popp_en
Manual co detector-popp_enDomotica daVinci
 
Multi tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafkaMulti tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafkaTodd Palino
 
Windows azure learning poster
Windows azure learning posterWindows azure learning poster
Windows azure learning posterMahmoud Moussa
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architectureMahmoud Moussa
 

More Related Content

What's hot

Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...Edureka!
 
شرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربيشرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربيMohamed Galal
 
Mulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integracionesMulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integracionesLarry Magallanes
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt Technology Services
 
Microservices Best Practices
Microservices Best PracticesMicroservices Best Practices
Microservices Best PracticesAliasgar Muchhala
 
What Is Serverless Computing
What Is Serverless ComputingWhat Is Serverless Computing
What Is Serverless ComputingCapital Numbers
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architectureAbdelghani Azri
 
VMs vs. Containers.pdf
VMs vs. Containers.pdfVMs vs. Containers.pdf
VMs vs. Containers.pdfSimform
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented ArchitectureSyed Mustafa
 
Azure fundamentals-170910113238
Azure fundamentals-170910113238Azure fundamentals-170910113238
Azure fundamentals-170910113238ScottSmith574468
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice ArchitectureNguyen Tung
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices ArchitectureMateus Prado
 
Introduction to serverless compute with azure functions
Introduction to serverless compute with azure functionsIntroduction to serverless compute with azure functions
Introduction to serverless compute with azure functionsCallon Campbell
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsAraf Karsh Hamid
 
Manual co detector-popp_en
Manual co detector-popp_enManual co detector-popp_en
Manual co detector-popp_enDomotica daVinci
 
Multi tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafkaMulti tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafkaTodd Palino
 

What's hot (20)

Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
Microservices Tutorial for Beginners | Microservices Architecture | Microserv...
 
شرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربيشرح Domain Driven Design بالعربي
شرح Domain Driven Design بالعربي
 
Mulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integracionesMulesoft: Plataforma empesarial de integraciones
Mulesoft: Plataforma empesarial de integraciones
 
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
Colt's L3 VPN Evolution: Towards Hybrid MPLS and SD WAN
 
Microservices Best Practices
Microservices Best PracticesMicroservices Best Practices
Microservices Best Practices
 
What Is Serverless Computing
What Is Serverless ComputingWhat Is Serverless Computing
What Is Serverless Computing
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 
VMs vs. Containers.pdf
VMs vs. Containers.pdfVMs vs. Containers.pdf
VMs vs. Containers.pdf
 
Service Oriented Architecture
Service Oriented ArchitectureService Oriented Architecture
Service Oriented Architecture
 
Introduction to Microservices
Introduction to MicroservicesIntroduction to Microservices
Introduction to Microservices
 
SOA
SOASOA
SOA
 
Azure fundamentals-170910113238
Azure fundamentals-170910113238Azure fundamentals-170910113238
Azure fundamentals-170910113238
 
Introduction to SOA
Introduction to SOAIntroduction to SOA
Introduction to SOA
 
Microservice Architecture
Microservice ArchitectureMicroservice Architecture
Microservice Architecture
 
Microservices Architecture
Microservices ArchitectureMicroservices Architecture
Microservices Architecture
 
Introduction to serverless compute with azure functions
Introduction to serverless compute with azure functionsIntroduction to serverless compute with azure functions
Introduction to serverless compute with azure functions
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native Apps
 
Manual co detector-popp_en
Manual co detector-popp_enManual co detector-popp_en
Manual co detector-popp_en
 
Multi tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafkaMulti tier, multi-tenant, multi-problem kafka
Multi tier, multi-tenant, multi-problem kafka
 

Viewers also liked

Windows azure learning poster
Windows azure learning posterWindows azure learning poster
Windows azure learning posterMahmoud Moussa
 
Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2David Linthicum
 
Cloud Design Pattern part1
Cloud Design Pattern part1Cloud Design Pattern part1
Cloud Design Pattern part1Masashi Narumoto
 
CIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCloudIDSummit
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld
 
Linthicum next generation-iaa s-paas-and-database-as-a-service
Linthicum next generation-iaa s-paas-and-database-as-a-serviceLinthicum next generation-iaa s-paas-and-database-as-a-service
Linthicum next generation-iaa s-paas-and-database-as-a-serviceDavid Linthicum
 
Cloud Design Pattern part2
Cloud Design Pattern part2Cloud Design Pattern part2
Cloud Design Pattern part2Masashi Narumoto
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesHyTrust
 
人類とデプロイの歴史(ネタなのでご容赦)
人類とデプロイの歴史(ネタなのでご容赦)人類とデプロイの歴史(ネタなのでご容赦)
人類とデプロイの歴史(ネタなのでご容赦)Keiichi Hashimoto
 
Servcie Fabric and Cloud Design Pattern
Servcie Fabric and Cloud Design PatternServcie Fabric and Cloud Design Pattern
Servcie Fabric and Cloud Design PatternTakekazu Omi
 
CMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORTCMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORTSandyarathi Das
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
Ten^H^H^H Many Cloud App Design Patterns
Ten^H^H^H Many Cloud App Design PatternsTen^H^H^H Many Cloud App Design Patterns
Ten^H^H^H Many Cloud App Design PatternsShlomo Swidler
 
Microservices and Azure App Services
Microservices and Azure App ServicesMicroservices and Azure App Services
Microservices and Azure App ServicesDamir Dobric
 
Distributed Design and Architecture of Cloud Foundry
Distributed Design and Architecture of Cloud FoundryDistributed Design and Architecture of Cloud Foundry
Distributed Design and Architecture of Cloud FoundryDerek Collison
 
Towards the Cloud: Architecture Patterns and VDI Story
Towards the Cloud: Architecture Patterns and VDI StoryTowards the Cloud: Architecture Patterns and VDI Story
Towards the Cloud: Architecture Patterns and VDI StoryIT Expert Club
 
Simplify Localization with Design Pattern Automation
Simplify Localization with Design Pattern AutomationSimplify Localization with Design Pattern Automation
Simplify Localization with Design Pattern AutomationYan Cui
 

Viewers also liked (20)

Windows azure learning poster
Windows azure learning posterWindows azure learning poster
Windows azure learning poster
 
Cloud architecture
Cloud architectureCloud architecture
Cloud architecture
 
Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2Getting Cloud Architecture Right the First Time Ver 2
Getting Cloud Architecture Right the First Time Ver 2
 
Cloud Design Pattern part1
Cloud Design Pattern part1Cloud Design Pattern part1
Cloud Design Pattern part1
 
CIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated IdentityCIS14: Why Federated Access Needs a Federated Identity
CIS14: Why Federated Access Needs a Federated Identity
 
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
VMworld 2013: NSX PCI Reference Architecture Workshop Session 3 - Operational...
 
Linthicum next generation-iaa s-paas-and-database-as-a-service
Linthicum next generation-iaa s-paas-and-database-as-a-serviceLinthicum next generation-iaa s-paas-and-database-as-a-service
Linthicum next generation-iaa s-paas-and-database-as-a-service
 
Cloud Design Pattern part2
Cloud Design Pattern part2Cloud Design Pattern part2
Cloud Design Pattern part2
 
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best PracticesPCI-DSS Compliant Cloud - Design & Architecture Best Practices
PCI-DSS Compliant Cloud - Design & Architecture Best Practices
 
人類とデプロイの歴史(ネタなのでご容赦)
人類とデプロイの歴史(ネタなのでご容赦)人類とデプロイの歴史(ネタなのでご容赦)
人類とデプロイの歴史(ネタなのでご容赦)
 
Servcie Fabric and Cloud Design Pattern
Servcie Fabric and Cloud Design PatternServcie Fabric and Cloud Design Pattern
Servcie Fabric and Cloud Design Pattern
 
CMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORTCMPE282_009994036_PROJECT_REPORT
CMPE282_009994036_PROJECT_REPORT
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Forecast 2014: Cloud-Aware Applications
Forecast 2014: Cloud-Aware Applications Forecast 2014: Cloud-Aware Applications
Forecast 2014: Cloud-Aware Applications
 
MicroServices on Azure
MicroServices on AzureMicroServices on Azure
MicroServices on Azure
 
Ten^H^H^H Many Cloud App Design Patterns
Ten^H^H^H Many Cloud App Design PatternsTen^H^H^H Many Cloud App Design Patterns
Ten^H^H^H Many Cloud App Design Patterns
 
Microservices and Azure App Services
Microservices and Azure App ServicesMicroservices and Azure App Services
Microservices and Azure App Services
 
Distributed Design and Architecture of Cloud Foundry
Distributed Design and Architecture of Cloud FoundryDistributed Design and Architecture of Cloud Foundry
Distributed Design and Architecture of Cloud Foundry
 
Towards the Cloud: Architecture Patterns and VDI Story
Towards the Cloud: Architecture Patterns and VDI StoryTowards the Cloud: Architecture Patterns and VDI Story
Towards the Cloud: Architecture Patterns and VDI Story
 
Simplify Localization with Design Pattern Automation
Simplify Localization with Design Pattern AutomationSimplify Localization with Design Pattern Automation
Simplify Localization with Design Pattern Automation
 

Similar to Cloud design patterns - Federated Identity & Gatekeeper

Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introductionwardell henley
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...apidays
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
Implementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudImplementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudAjit Bhingarkar
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptxchelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfSahilSingh316535
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsIJERA Editor
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015James Tramel
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Kesavan Munuswamy
 
Applying Code Customizations to Magento 2
Applying Code Customizations to Magento 2 Applying Code Customizations to Magento 2
Applying Code Customizations to Magento 2 Igor Miniailo
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalMauricio Godoy
 
Remote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageRemote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageIJMER
 
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...Vlad Mihnea
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAmazon Web Services
 

Similar to Cloud design patterns - Federated Identity & Gatekeeper (20)

Iam suite introduction
Iam suite introductionIam suite introduction
Iam suite introduction
 
Saas security
Saas securitySaas security
Saas security
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Implementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloudImplementing zero trust architecture in azure hybrid cloud
Implementing zero trust architecture in azure hybrid cloud
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
 
Microservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerationsMicroservice architecture-api-gateway-considerations
Microservice architecture-api-gateway-considerations
 
Cloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patternsCloud Computing: A study of cloud architecture and its patterns
Cloud Computing: A study of cloud architecture and its patterns
 
MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015MS Cloud Design Patterns Infographic 2015
MS Cloud Design Patterns Infographic 2015
 
Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015Ms cloud design patterns infographic 2015
Ms cloud design patterns infographic 2015
 
Applying Code Customizations to Magento 2
Applying Code Customizations to Magento 2 Applying Code Customizations to Magento 2
Applying Code Customizations to Magento 2
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Ibm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_finalIbm cloud forum managing heterogenousclouds_final
Ibm cloud forum managing heterogenousclouds_final
 
Remote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud StorageRemote Access and Dual Authentication for Cloud Storage
Remote Access and Dual Authentication for Cloud Storage
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
Silicon Valley IDSA Meetup October 2018
Silicon Valley IDSA Meetup October 2018 Silicon Valley IDSA Meetup October 2018
Silicon Valley IDSA Meetup October 2018
 
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...
Ymens - Bouncing off clouds - Rapid Development for Cloud Ready Applications...
 
AWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App SecurityAWS Webcast - Top 3 Ways to Improve Web App Security
AWS Webcast - Top 3 Ways to Improve Web App Security
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

Cloud design patterns - Federated Identity & Gatekeeper

  • 1. Presented by: Roger Chien Mar 2014 Content is from “Cloud design patterns – perspective architecture guidance for cloud applications”, by Microsoft. Cloud Design Patterns Federated Identity & Gatekeeper Pattern
  • 2. Federated Identity Pattern  Delegate authentication to external identity provider  LDAP inAAA.  Eliminates the need of multiple login credentials for every service. (e.g. Open-ID)  More easily for privilege management. (people leave and fine grain control)  Application and services can save the overhead of identity management.
  • 3. Federated Identity Pattern Could be chain of trust In STS.
  • 4. Federated Identity Pattern - Issues  Can be single point of failure.  Need fine grain control for features & resources via Role based access control (RBAC).  Need to maintain user information for claim based authentication (thru registration)  If there is multiple STS, have to deal with sign-in redirection.
  • 5. Federated Identity Pattern - Example  User in large enterprise to use SaaS application onWindowsAzure.
  • 6. Gatekeeper Pattern  Using a dedicated host instance that acts as a broker between clients and applications/services, validates and sanitizes requests and passes requests and data between them.  Add another layer of security and reduce attack surface.  Fit for:  Applications that handle sensitive information, expose services that must have high a degree of protection from malicious attacks, or perform mission-critical operations that must not be disrupted.  Distributed applications where it is necessary to perform request validation separately from the main tasks, or to centralize this validation to simplify maintenance and administration.
  • 8. Gatekeeper Pattern  Controlled validation: validates all requests and rejects those didn’t meet requirement.  Limited risk and exposure: Gatekeeper itself is not access to credentials and keys. If gatekeeper is compromised, those information are not exposed.  Appropriate security: Run gatekeeper in a limited privilege mode.  Gatekeeper is actually an application firewall.
  • 9. Gatekeeper Pattern - Issues  The trusted nodes only expose necessary interfaces to Gatekeeper.  Run in limited privilege mode (Gatekeeper and trusted nodes are in separated hosted services orVM)  Gatekeeper only do validation and sanitization, not touch any processing related to services/applications.  Secure channel (SSL/TLS/HTTPS) is required for communication between Gatekeeper & trusted nodes.  Performance impact.  Could be single point of failure.