SlideShare a Scribd company logo

Spellpoint - Securing Access for Microservices

Ubisecure
Ubisecure

Spellpoint presentation slides from Ubisecure's IAMwithUBI Nordic IAM event May 2018. How Customer IAM (CIAM) principles and technology can be applied to identities for microservices to provide authentication and authorization of APIs.

Technology
1 of 20
Download to read offline
SPELLPOINT N O R D I C I A M C O N F E R E N C E 2 0 1 8
Microservice has no finger to type with Securing Access for the non-interactive 24.5.2018 Tero Pasanen, Senior IAM Architect
Identity and Access Management (IAM)… …is needed because all data cannot be available to everyone. So how to grant and enforce right accesses efficiently …and how to ensure security.
…this holds true for the more traditional software ecosystem, but what about the modern, agile, API based architectures?
Well. Does it really matter? I mean, what matters to the end-user?
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC  Monolith dusty mainframe servers  Latest buzzword friendly microservices backed by blockchain audit ledgers? 21a0d5 Service 1 Service 2
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC What matters to the end-user… Correct data and trust …and probably usability too.
So are we lost in digital transformation? It’s API, it’s all open to everyone Someone will take care of it, we’ll have an API for that Where do you get the data for the access control API? Someone will take care of it, we’ll have an API for that
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC All-out API environment?  Probably not.  Consider consistent user rights across different types of sw ecosystems  Avoid platform lock-in
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem – Remember SOA? SOA People Process Practice Platform  Existing investments?  ESB  API Gateway  SAML  OpenID Connect, Oauth, JWT  SOA – Agile?
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem puts agility in the dead center Agility & DevOps Quick to develop Easy to deploy Possibly short- lived Easily scalable
However…
There are more attack surfaces in the microservices world
So we need to authenticate and authorize  Authenticate source and target API’s  To ensure data confidentiality and integrity  Authorize end-user actions  .. in the way-way back-end systems
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Ways to do it  API Key “Do you know who I am?”  OAuth (possibly with JWT) as bearer token “I’ve got a ticket to ride”  MSSL (Mutual Authentication) “..and I can prove it”
Performance matters Amazon: 100ms of latency cost 1% in sales Google: extra 0.5 seconds in search page generation time dropped traffic by 20%
Looks a lot like traditional IAM
Take away With microservices we still have an end-point - service URL - to protect. Lo-and- behold - that is just what customer IAM SSO services do. Be efficient utilizing light weight protocols like OpenID Connect for authentication and OAuth for authorization. And provide access to legacy applications using the already established controls.
Copyright © Spellpoint Oy, 2000 – 2018 CONFIDENTIAL SECURING THE DIGITAL EVOLUTION
END OF PRESENTATION

Recommended

Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018
Ubisecure
 
Aditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategyAditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategy
Ubisecure
 
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
Ubisecure
 
Inside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesInside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with Smartphones
Ubisecure
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital Identity
Ubisecure
 
Telia - The New Norm of the Digital World
Telia - The New Norm of the Digital WorldTelia - The New Norm of the Digital World
Telia - The New Norm of the Digital World
Ubisecure
 
Blockchain with iot
Blockchain with iotBlockchain with iot
Blockchain with iot
SuryaKumarSahani
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 

Recommended

Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018Kantara - Digital Identity in 2018
Kantara - Digital Identity in 2018
Ubisecure
 
Aditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategyAditro - IAM as part of Cloud Business strategy
Aditro - IAM as part of Cloud Business strategy
Ubisecure
 
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
Ubisecure
 
Inside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with SmartphonesInside Security - Strong Authentication with Smartphones
Inside Security - Strong Authentication with Smartphones
Ubisecure
 
Open Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital IdentityOpen Identity Exchange - the Global Growth of Digital Identity
Open Identity Exchange - the Global Growth of Digital Identity
Ubisecure
 
Telia - The New Norm of the Digital World
Telia - The New Norm of the Digital WorldTelia - The New Norm of the Digital World
Telia - The New Norm of the Digital World
Ubisecure
 
Blockchain with iot
Blockchain with iotBlockchain with iot
Blockchain with iot
SuryaKumarSahani
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 
The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020
OpenID Foundation Japan
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Cohesive Networks
 
Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity
ForgeRock
 
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy ChallengeConsent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
ForgeRock
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014
Chin Wan Lim
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseThe ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
ForgeRock
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3
Chin Wan Lim
 
Trends in IRM: Internet of Things
Trends in IRM: Internet of ThingsTrends in IRM: Internet of Things
Trends in IRM: Internet of Things
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
case-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_encase-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_enAlix Murphy
 
Belgian mobile ID presents itsme
Belgian mobile ID presents itsmeBelgian mobile ID presents itsme
Belgian mobile ID presents itsme
Belgian Mobile ID - itsme
 
Smart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart CitySmart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart City
Peter Waher
 
A digital society needs a digital id
A digital society needs a digital idA digital society needs a digital id
A digital society needs a digital id
Capgemini
 
A Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication JourneyA Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication Journey
FIDO Alliance
 
Loqr
LoqrLoqr
Loqr
Caixa Geral Depósitos
 
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another levelBelgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID - itsme
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - DusseldorfGartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
ForgeRock
 
Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
Rogue Wave Software
 
[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy
WSO2
 

More Related Content

What's hot

The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020
OpenID Foundation Japan
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Cohesive Networks
 
Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity
ForgeRock
 
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy ChallengeConsent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
ForgeRock
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014
Chin Wan Lim
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseThe ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
ForgeRock
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3
Chin Wan Lim
 
Trends in IRM: Internet of Things
Trends in IRM: Internet of ThingsTrends in IRM: Internet of Things
Trends in IRM: Internet of Things
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
case-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_encase-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_enAlix Murphy
 
Belgian mobile ID presents itsme
Belgian mobile ID presents itsmeBelgian mobile ID presents itsme
Belgian mobile ID presents itsme
Belgian Mobile ID - itsme
 
Smart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart CitySmart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart City
Peter Waher
 
A digital society needs a digital id
A digital society needs a digital idA digital society needs a digital id
A digital society needs a digital id
Capgemini
 
A Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication JourneyA Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication Journey
FIDO Alliance
 
Loqr
LoqrLoqr
Loqr
Caixa Geral Depósitos
 
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another levelBelgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID - itsme
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - DusseldorfGartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
ForgeRock
 

What's hot (20)

The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020The Future of Identity - OpenID Summit 2020
The Future of Identity - OpenID Summit 2020
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' MeetupChris Swan's presentation from the London Tech Entrepreneurs' Meetup
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
 
Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity Go Beyond PSD2 Compliance with Digital Identity
Go Beyond PSD2 Compliance with Digital Identity
 
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy ChallengeConsent 2.0: Applying User-Managed Access to the Privacy Challenge
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from PatentsBlockchain Decentralized Identifier (DID) Innovation Insights from Patents
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
 
SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014SecureMAG Volume 6 - 2014
SecureMAG Volume 6 - 2014
 
IDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOTIDENTITY IN THE WORLD OF IOT
IDENTITY IN THE WORLD OF IOT
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 ReleaseThe ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
 
SecureMAG Vol 3
SecureMAG Vol 3SecureMAG Vol 3
SecureMAG Vol 3
 
Trends in IRM: Internet of Things
Trends in IRM: Internet of ThingsTrends in IRM: Internet of Things
Trends in IRM: Internet of Things
 
Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)Intelligent Authentication (Identity Live Berlin 2018)
Intelligent Authentication (Identity Live Berlin 2018)
 
case-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_encase-study-on-digital-identity-swisscom-mobile-id_en
case-study-on-digital-identity-swisscom-mobile-id_en
 
Belgian mobile ID presents itsme
Belgian mobile ID presents itsmeBelgian mobile ID presents itsme
Belgian mobile ID presents itsme
 
Smart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart CitySmart City Lecture 1: How to build a Smart City
Smart City Lecture 1: How to build a Smart City
 
A digital society needs a digital id
A digital society needs a digital idA digital society needs a digital id
A digital society needs a digital id
 
A Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication JourneyA Telco and End-user Perspective on the Authentication Journey
A Telco and End-user Perspective on the Authentication Journey
 
Loqr
LoqrLoqr
Loqr
 
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another levelBelgian Mobile ID: taking digital ID to another level
Belgian Mobile ID: taking digital ID to another level
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleDigital Identities in the Internet of Things - Securely Manage Devices at Scale
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
 
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - DusseldorfGartner - ForgeRock Identity Live 2017 - Dusseldorf
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
 

Similar to Spellpoint - Securing Access for Microservices

Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
Rogue Wave Software
 
[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy
WSO2
 
[WSO2Con Asia 2018] Integration is Sexy
[WSO2Con Asia 2018] Integration is Sexy[WSO2Con Asia 2018] Integration is Sexy
[WSO2Con Asia 2018] Integration is Sexy
WSO2
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Codit
 
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdfINTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
apidays
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public Safety
Adam Lewis
 
CWIN17 Rome / AI and data insights
CWIN17 Rome / AI and data insightsCWIN17 Rome / AI and data insights
CWIN17 Rome / AI and data insights
Capgemini
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
pqrs1234
 
AI Microservices APIs and Business Automation as a Service Denis Gagne
AI Microservices APIs and Business Automation as a Service Denis GagneAI Microservices APIs and Business Automation as a Service Denis Gagne
AI Microservices APIs and Business Automation as a Service Denis Gagne
Denis Gagné
 
[WSO2 Summit Brazil 2018] The API-driven World
[WSO2 Summit Brazil 2018] The API-driven World[WSO2 Summit Brazil 2018] The API-driven World
[WSO2 Summit Brazil 2018] The API-driven World
WSO2
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in HeavenOracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Capgemini
 
Enabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven EnterpriseEnabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven Enterprise
Solace
 
RISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLDRISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLD
ForgeRock
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
Amazon Web Services
 
Gartner: Top 10 Technology Trends 2015
Gartner: Top 10 Technology Trends 2015Gartner: Top 10 Technology Trends 2015
Gartner: Top 10 Technology Trends 2015
Den Reymer
 
Oracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heavenOracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heaven
luisw19
 
Advanced Event Broker: what are they, and when should you use one?
Advanced Event Broker: what are they, and when should you use one?Advanced Event Broker: what are they, and when should you use one?
Advanced Event Broker: what are they, and when should you use one?
Solace
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation
APIsecure_ Official
 
OUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrateOUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrate
Jon Petter Hjulstad
 

Similar to Spellpoint - Securing Access for Microservices (20)

Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...Leveraging open banking specifications for rigorous API security – What’s in...
Leveraging open banking specifications for rigorous API security – What’s in...
 
[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy[WSO2Con USA 2018] Integration is Sexy
[WSO2Con USA 2018] Integration is Sexy
 
[WSO2Con Asia 2018] Integration is Sexy
[WSO2Con Asia 2018] Integration is Sexy[WSO2Con Asia 2018] Integration is Sexy
[WSO2Con Asia 2018] Integration is Sexy
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
 
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdfINTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
 
Identity as a Matter of Public Safety
Identity as a Matter of Public SafetyIdentity as a Matter of Public Safety
Identity as a Matter of Public Safety
 
CWIN17 Rome / AI and data insights
CWIN17 Rome / AI and data insightsCWIN17 Rome / AI and data insights
CWIN17 Rome / AI and data insights
 
Identity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAMLIdentity and Client Management using OpenID Connect and SAML
Identity and Client Management using OpenID Connect and SAML
 
AI Microservices APIs and Business Automation as a Service Denis Gagne
AI Microservices APIs and Business Automation as a Service Denis GagneAI Microservices APIs and Business Automation as a Service Denis Gagne
AI Microservices APIs and Business Automation as a Service Denis Gagne
 
[WSO2 Summit Brazil 2018] The API-driven World
[WSO2 Summit Brazil 2018] The API-driven World[WSO2 Summit Brazil 2018] The API-driven World
[WSO2 Summit Brazil 2018] The API-driven World
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoftMuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
 
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in HeavenOracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
 
Enabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven EnterpriseEnabling a Real-Time, Agile, Event-Driven Enterprise
Enabling a Real-Time, Agile, Event-Driven Enterprise
 
RISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLDRISE OF THE MACHINES: IRM IN AN IOT WORLD
RISE OF THE MACHINES: IRM IN AN IOT WORLD
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
 
Gartner: Top 10 Technology Trends 2015
Gartner: Top 10 Technology Trends 2015Gartner: Top 10 Technology Trends 2015
Gartner: Top 10 Technology Trends 2015
 
Oracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heavenOracle Code Capgemini: API management & microservices a match made in heaven
Oracle Code Capgemini: API management & microservices a match made in heaven
 
Advanced Event Broker: what are they, and when should you use one?
Advanced Event Broker: what are they, and when should you use one?Advanced Event Broker: what are they, and when should you use one?
Advanced Event Broker: what are they, and when should you use one?
 
2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation2022 APIsecure_Harnessing the Speed of Innovation
2022 APIsecure_Harnessing the Speed of Innovation
 
OUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrateOUGN 2018 - Chatbot and the need to integrate
OUGN 2018 - Chatbot and the need to integrate
 

More from Ubisecure

User Management, Enablement, Directory
User Management, Enablement, DirectoryUser Management, Enablement, Directory
User Management, Enablement, Directory
Ubisecure
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
Ubisecure
 
Single Sign-On
Single Sign-OnSingle Sign-On
Single Sign-On
Ubisecure
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
Ubisecure
 
Identity Data & Credential Self-Service
Identity Data & Credential Self-ServiceIdentity Data & Credential Self-Service
Identity Data & Credential Self-Service
Ubisecure
 
Using Strong / Verified Identities
Using Strong / Verified IdentitiesUsing Strong / Verified Identities
Using Strong / Verified Identities
Ubisecure
 
Using Social & Business Identities
Using Social & Business IdentitiesUsing Social & Business Identities
Using Social & Business Identities
Ubisecure
 
Delegation of Authority
Delegation of AuthorityDelegation of Authority
Delegation of Authority
Ubisecure
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
Ubisecure
 
Customer IAM vs Employee IAM (Legacy IAM)
Customer IAM vs Employee IAM (Legacy IAM)Customer IAM vs Employee IAM (Legacy IAM)
Customer IAM vs Employee IAM (Legacy IAM)
Ubisecure
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
Ubisecure
 
Introduction to Mobile Connect
Introduction to Mobile ConnectIntroduction to Mobile Connect
Introduction to Mobile Connect
Ubisecure
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
Ubisecure
 
SSH - Credentialess Cloud Access
SSH - Credentialess Cloud AccessSSH - Credentialess Cloud Access
SSH - Credentialess Cloud Access
Ubisecure
 
Nixu - Passwords must Die!
Nixu - Passwords must Die!Nixu - Passwords must Die!
Nixu - Passwords must Die!
Ubisecure
 
FICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong IdentificationFICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong Identification
Ubisecure
 

More from Ubisecure (17)

User Management, Enablement, Directory
User Management, Enablement, DirectoryUser Management, Enablement, Directory
User Management, Enablement, Directory
 
Identity Platform Use Cases
Identity Platform Use CasesIdentity Platform Use Cases
Identity Platform Use Cases
 
Single Sign-On
Single Sign-OnSingle Sign-On
Single Sign-On
 
Multi-Factor Authentication & Authorisation
Multi-Factor Authentication & AuthorisationMulti-Factor Authentication & Authorisation
Multi-Factor Authentication & Authorisation
 
Identity Data & Credential Self-Service
Identity Data & Credential Self-ServiceIdentity Data & Credential Self-Service
Identity Data & Credential Self-Service
 
Using Strong / Verified Identities
Using Strong / Verified IdentitiesUsing Strong / Verified Identities
Using Strong / Verified Identities
 
Using Social & Business Identities
Using Social & Business IdentitiesUsing Social & Business Identities
Using Social & Business Identities
 
Delegation of Authority
Delegation of AuthorityDelegation of Authority
Delegation of Authority
 
SAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID ConnectSAML VS OAuth 2.0 VS OpenID Connect
SAML VS OAuth 2.0 VS OpenID Connect
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
 
Customer IAM vs Employee IAM (Legacy IAM)
Customer IAM vs Employee IAM (Legacy IAM)Customer IAM vs Employee IAM (Legacy IAM)
Customer IAM vs Employee IAM (Legacy IAM)
 
An Introduction to Authentication for Applications
An Introduction to Authentication for ApplicationsAn Introduction to Authentication for Applications
An Introduction to Authentication for Applications
 
Introduction to Mobile Connect
Introduction to Mobile ConnectIntroduction to Mobile Connect
Introduction to Mobile Connect
 
General Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAMGeneral Data Protection Regulation & Customer IAM
General Data Protection Regulation & Customer IAM
 
SSH - Credentialess Cloud Access
SSH - Credentialess Cloud AccessSSH - Credentialess Cloud Access
SSH - Credentialess Cloud Access
 
Nixu - Passwords must Die!
Nixu - Passwords must Die!Nixu - Passwords must Die!
Nixu - Passwords must Die!
 
FICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong IdentificationFICORA - Building a Trust Network on Strong Identification
FICORA - Building a Trust Network on Strong Identification
 

Recently uploaded

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 

Recently uploaded (20)

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 

Spellpoint - Securing Access for Microservices

  • 1. SPELLPOINT N O R D I C I A M C O N F E R E N C E 2 0 1 8
  • 2. Microservice has no finger to type with Securing Access for the non-interactive 24.5.2018 Tero Pasanen, Senior IAM Architect
  • 3. Identity and Access Management (IAM)… …is needed because all data cannot be available to everyone. So how to grant and enforce right accesses efficiently …and how to ensure security.
  • 4. …this holds true for the more traditional software ecosystem, but what about the modern, agile, API based architectures?
  • 5. Well. Does it really matter? I mean, what matters to the end-user?
  • 6. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC  Monolith dusty mainframe servers  Latest buzzword friendly microservices backed by blockchain audit ledgers? 21a0d5 Service 1 Service 2
  • 7. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC What matters to the end-user… Correct data and trust …and probably usability too.
  • 8. So are we lost in digital transformation? It’s API, it’s all open to everyone Someone will take care of it, we’ll have an API for that Where do you get the data for the access control API? Someone will take care of it, we’ll have an API for that
  • 9. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC All-out API environment?  Probably not.  Consider consistent user rights across different types of sw ecosystems  Avoid platform lock-in
  • 10. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem – Remember SOA? SOA People Process Practice Platform  Existing investments?  ESB  API Gateway  SAML  OpenID Connect, Oauth, JWT  SOA – Agile?
  • 11. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem puts agility in the dead center Agility & DevOps Quick to develop Easy to deploy Possibly short- lived Easily scalable
  • 13. There are more attack surfaces in the microservices world
  • 14. So we need to authenticate and authorize  Authenticate source and target API’s  To ensure data confidentiality and integrity  Authorize end-user actions  .. in the way-way back-end systems
  • 15. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Ways to do it  API Key “Do you know who I am?”  OAuth (possibly with JWT) as bearer token “I’ve got a ticket to ride”  MSSL (Mutual Authentication) “..and I can prove it”
  • 16. Performance matters Amazon: 100ms of latency cost 1% in sales Google: extra 0.5 seconds in search page generation time dropped traffic by 20%
  • 17. Looks a lot like traditional IAM
  • 18. Take away With microservices we still have an end-point - service URL - to protect. Lo-and- behold - that is just what customer IAM SSO services do. Be efficient utilizing light weight protocols like OpenID Connect for authentication and OAuth for authorization. And provide access to legacy applications using the already established controls.
  • 19. Copyright © Spellpoint Oy, 2000 – 2018 CONFIDENTIAL SECURING THE DIGITAL EVOLUTION