Talk Microservices to Me: The Role of IAM in Microservices Architecture
Darshana Gunawardana, Technical Lead, WSO2
Microservices
● The foundation of microservice architecture is about
○ Developing a single application as a collection of small and independent services
○ That are running in their own process, developed and deployed independently
● Provides a focused, scoped and modular approach for application design
● Not just about an architectural pattern
○ Driven by the primary goal: speed to production
Monolithic Applications
● All the services are deployed in the same application
● The application server itself provides session management features
○ All the services can share a user’s login status
● The interactions between services are local calls
● Authentication is done centrally at an interceptor
● Passing login context varies from one platform to another
Traditional Application Level Security
● Authenticating end user
○ Multiple user repositories
○ Multiple IdPs
● Authorizing end user
○ Centralized policy enforcement
○ Centralized policy evaluation
Monolithic vs. Microservices
[Diagram: a monolithic application holding the user session, versus microservices each running in a single container]
Challenges
● Microservices are independent of each other
○ Each service has to enforce authentication and authorization
● Broader attack surface
● Scalability
○ Each service will serve thousands of requests per second
○ There can be hundreds of microservices
● Performance
● Deployment complexities
● Polyglot architecture
Problem
● Multiple clients need to access secured microservices on behalf of the user
Solution
● Access delegation based on OAuth 2.0
OAuth 2.0
[Diagram: the resource owner grants the OAuth client access to a resource under a provided scope; the OAuth client gets a token from the OAuth authorization server to access the resource on behalf of the resource owner; the client presents the token to the OAuth resource server, which introspects it at the authorization server]
OAuth 2.0 - Self Contained Access Tokens
[Diagram: the same exchange, but the access token is a JWT; the OAuth resource server trusts the authorization server and validates the JWT locally instead of calling back to introspect it]
Microservices Security
● Secure development
○ Static and dynamic code analysis to make sure we do not introduce security vulnerabilities at the code level
○ Should be part of the CI/CD process
○ Should have shorter feedback cycles
● Secure deployment
○ Service-per-host
○ Container level security
● Application level security
○ Authenticating and authorizing the end user
○ Securing channels between microservices
Application Level Security
● Edge Security
○ Authenticating end user
○ Authorizing end user against the common policies
● Service To Service Security
○ Share user context securely
○ Authorizing against specific policies
Edge Security
API Gateway Pattern
[Diagram: an API gateway in front of microservices, each running in a single container; the gateway authenticates the end user with the auth server over OIDC, and a token exchange turns the access token ("at") into a JWT that is forwarded to the microservices, which trust the auth server; the flow is numbered 1 to 6 in the slide]
Service to Service Security
TLS Mutual Authentication
● Each microservice will have its own certificate to prove its identity
● How do we provision certificates to each microservice?
● How do we deal with certificate revocations?
● How do we deal with trust bootstrap?
● How do we deal with key rotation?
SPIFFE
● Secure Production Identity Framework for Everyone
● SPIFFE tries to solve the trust bootstrap problem in a platform agnostic manner
● SPIFFE provides an identity to each workload in a microservices deployment, which is known as the SPIFFE ID
○ E.g.: spiffe://acme.com/billing/payments
● Implementations - SPIRE, Istio
SPIFFE
[Diagram: on Host A and Host B, each workload talks to a local SPIRE agent, which presents proof of identity to its SPIRE server (SPIRE Server A, SPIRE Server B) and retrieves an SVID for the workload; the peer workload verifies the SVID it is presented with]
SPIFFE / SPIRE
[Diagram: a workload, the SPIRE agent and the SPIRE server on an AWS EC2 instance, with the agent attesting the node through the AWS metadata API; the flow is numbered 1 to 7 in the slide]
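The SPIFFE ID format shown above, and the way an SVID's identity feeds a service-to-service authorization decision, as an added example (not code from the slides or from the SPIFFE/SPIRE projects). The format rules follow the SPIFFE ID standard; the trust domain `acme.com` comes from the slide, while the workload names, the allow-list and the `spiffe_id_from_uri_sans` input (URI SANs assumed to be read from the peer certificate by the TLS layer) are constructed for the demo.

```python
"""SPIFFE ID parsing and SVID-based service-to-service authorization.

Added example, not from the slides or the SPIFFE/SPIRE projects. Format rules
follow the SPIFFE ID standard: scheme "spiffe", a lowercase trust domain,
slash-separated path segments drawn from [A-Za-z0-9._-], no empty, "." or
".." segments, and at most 2048 bytes overall. Names and the allow-list are
constructed for the demo.
"""
import re
from dataclasses import dataclass

_TRUST_DOMAIN = re.compile(r"[a-z0-9._-]+")
_PATH_SEGMENT = re.compile(r"[A-Za-z0-9._-]+")
MAX_SPIFFE_ID_BYTES = 2048
LOCAL_TRUST_DOMAIN = "acme.com"  # the slide's example trust domain

@dataclass(frozen=True)
class SpiffeId:
    trust_domain: str
    path: str  # "/billing/payments", or "" when the ID names the trust domain itself

    def __str__(self) -> str:
        return f"spiffe://{self.trust_domain}{self.path}"

def parse_spiffe_id(raw: str) -> SpiffeId:
    """Parse a SPIFFE ID string strictly; raise ValueError on any deviation."""
    if len(raw.encode("utf-8")) > MAX_SPIFFE_ID_BYTES:
        raise ValueError("SPIFFE ID exceeds 2048 bytes")
    if not raw.startswith("spiffe://"):
        raise ValueError("scheme must be spiffe://")
    trust_domain, slash, path = raw[len("spiffe://"):].partition("/")
    # fullmatch on the character class rejects ports, userinfo, query strings,
    # fragments, uppercase trust domains and trailing newlines.
    if not _TRUST_DOMAIN.fullmatch(trust_domain):
        raise ValueError("invalid trust domain")
    if slash:
        for segment in path.split("/"):
            if segment in ("", ".", "..") or not _PATH_SEGMENT.fullmatch(segment):
                raise ValueError(f"invalid path segment {segment!r}")
        path = "/" + path
    return SpiffeId(trust_domain, path)

def is_valid_spiffe_id(raw: str) -> bool:
    try:
        parse_spiffe_id(raw)
        return True
    except ValueError:
        return False

def spiffe_id_from_uri_sans(uri_sans) -> SpiffeId:
    """An X509-SVID carries exactly one URI SAN, and that URI is its SPIFFE ID.
    The URI SANs are assumed to come from the peer certificate after the
    mutual-TLS handshake; a certificate with zero or several is not an SVID."""
    if len(uri_sans) != 1:
        raise ValueError("X509-SVID must carry exactly one URI SAN")
    return parse_spiffe_id(uri_sans[0])

# Constructed allow-list: callee SPIFFE ID -> caller SPIFFE IDs that may invoke it.
ALLOWED_CALLERS = {
    "spiffe://acme.com/billing/payments": {
        "spiffe://acme.com/web/checkout",
        "spiffe://acme.com/billing/invoicing",
    },
}

def authorize_call(peer_uri_sans, callee: str,
                   local_trust_domain: str = LOCAL_TRUST_DOMAIN) -> bool:
    """Decide whether the peer identified by its SVID may call `callee`.
    The decision is bound to the certificate identity, not to an IP or hostname."""
    try:
        caller = spiffe_id_from_uri_sans(peer_uri_sans)
        target = parse_spiffe_id(callee)
    except ValueError:
        return False
    # Without SPIFFE federation configured, only our own trust domain is trusted.
    if caller.trust_domain != local_trust_domain or target.trust_domain != local_trust_domain:
        return False
    return str(caller) in ALLOWED_CALLERS.get(str(target), set())

def main() -> None:
    print(parse_spiffe_id("spiffe://acme.com/billing/payments"))
    print(authorize_call(["spiffe://acme.com/web/checkout"],
                         "spiffe://acme.com/billing/payments"))
    print(authorize_call(["spiffe://partner.example/web/checkout"],
                         "spiffe://acme.com/billing/payments"))

if __name__ == "__main__":
    main()
```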
JWT (JSON Web Token)
● Defines a container to transport data between interested parties
● There are multiple applications of JWT
○ In OpenID Connect the id_token is represented as a JWT
● Propagate one’s identity between interested parties
● Propagate user entitlements between interested parties
● Transfer data securely between interested parties over an unsecured channel
● Assert one’s identity, given that the recipient of the JWT trusts the asserting party
JWT (JSON Web Token)
eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc4YjRjZjIzNjU2ZGMzOTUzNjRmMWI2YzAyOTA3NjkxZjJjZGZmZTEifQ.eyJpc3MiOiJh
Y2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEwNTAyMjUxMTU4OTIwMTQ3NzMyIiwiYXpwIjoiODI1MjQ5ODM1NjU5LX
RlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwi
OiJwcmFiYXRoQHdzbzIuY29tIiwiYXRfaGFzaCI6InpmODZ2TnVsc0xCOGdGYXFSd2R6WWciLCJlbWFpbF92ZXJpZmll
ZCI6dHJ1ZSwiYXVkIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29
vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJ3c28yLmNvbSIsImlhdCI6MTQwMTkwODI3MSwiZXhwIjoxNDAxOTEyMTcxf
Q.TVKv-pdyvk2gW8sGsCbsnkqsrS0T-H00xnY6ETkIfgIxfotvFn5IwKm3xyBMpy0FFe0Rb5Ht8AEJV6PdWyxz8rMgX2H
ROWqSo_RfEfUpBb4iOsq4W28KftW5H0IA44VmNZ6zU4YTqPSt4TPhyFC9fP2D_Hg7JQozpQRUfbWTJI
JWT (JSON Web Token)
● JWS compact serialization (signed token): BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWS Payload) . BASE64URL-ENCODE(JWS Signature)
● JWE compact serialization (encrypted token): BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWE Encrypted Key) . BASE64URL-ENCODE(Initialization Vector) . BASE64URL-ENCODE(Ciphertext) . BASE64URL-ENCODE(Authentication Tag)
MicroProfile JWT (MP-JWT)
Access Control
● Interoperable JWT for authentication and authorization
● Introduces 2 new claims to the MP-JWT
○ "upn": A human readable claim that uniquely identifies the subject or user principal of the token
○ "groups": The token subject's group memberships
● Enables Role Based Access Control (RBAC)
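The JWS compact serialization from the JWT slides and the MP-JWT "upn"/"groups" claims, as an added example (not code from the slides or from the MicroProfile project): it builds a three-part token, verifies it the way a self-contained-token resource server would, and makes an RBAC decision on "groups". It assumes HS256 with a constructed shared key so it runs on the standard library alone, whereas MP-JWT deployments sign with RS256 using the issuer's public key; the issuer, audience and claim values are constructed.

```python
"""JWS compact serialization and MicroProfile JWT (MP-JWT) claim checks.

Added example, not code from the original slides. It signs with HS256
(HMAC-SHA256) and a constructed shared key so it runs on the standard
library alone; MP-JWT deployments use RS256 with the issuer's public key,
but the token layout, the claim validation and the RBAC decision on the
"groups" claim are the same.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values; in a deployment they come from configuration.
DEMO_KEY = b"constructed-demo-key-not-for-production"
EXPECTED_ISS = "https://auth.example.test"
EXPECTED_AUD = "payments"

def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515, Appendix C).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json_bytes(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")

def sign_jws(claims: dict, key: bytes) -> str:
    """Build BASE64URL(header) . BASE64URL(payload) . BASE64URL(signature)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(_json_bytes(header)) + "." + b64url_encode(_json_bytes(claims))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_jws(token: str, key: bytes, now=None) -> dict:
    """Verify the signature and the iss/aud/exp claims; return the payload or raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWS compact serialization")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm the resource server expects instead of trusting the
    # token's own header: nothing in the token is trustworthy until verified.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISS:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token missing exp or expired")
    return claims

def rejection_reason(token: str, key: bytes, now=None) -> str:
    """Return the reason verify_jws rejects a token, or '' if it is accepted."""
    try:
        verify_jws(token, key, now)
    except ValueError as err:
        return str(err)
    return ""

def replace_payload_unsigned(token: str, claims: dict) -> str:
    """Swap the payload but keep the old signature: all a holder without the
    key can do to a self-contained token. verify_jws must reject the result."""
    header_b64, _, sig_b64 = token.split(".")
    return header_b64 + "." + b64url_encode(_json_bytes(claims)) + "." + sig_b64

def is_allowed(claims: dict, required_group: str) -> bool:
    """RBAC decision on the MP-JWT 'groups' claim; 'upn' identifies the caller."""
    return required_group in set(claims.get("groups", []))

def main() -> None:
    now = int(time.time())
    claims = {"iss": EXPECTED_ISS, "aud": EXPECTED_AUD, "sub": "u-1001",
              "upn": "alice@example.test", "groups": ["billing-viewer"],
              "iat": now, "exp": now + 300}
    token = sign_jws(claims, DEMO_KEY)
    verified = verify_jws(token, DEMO_KEY)
    print(verified["upn"], "may refund:", is_allowed(verified, "billing-admin"))
    forged = replace_payload_unsigned(token, dict(claims, groups=["billing-admin"]))
    print("forged token rejected:", rejection_reason(forged, DEMO_KEY))

if __name__ == "__main__":
    main()
```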
Policy Evaluation (Central PDP)
[Diagram: each microservice, running in its own container, receives a JWT and sends an authorization request (Authz req) to a central PDP, which returns an authorization response (Authz resp)]
Policy Evaluation (Embedded PDP)
[Diagram: each microservice, running in its own container, receives a JWT and evaluates it with an embedded PDP; the PDPs subscribe to a central PAP, which publishes policies to them]
Open Policy Agent (OPA)
● A lightweight general-purpose policy engine that can be co-located with the service
● Can integrate OPA as a sidecar, host-level daemon, or library
● Integrated with Spring and Service Mesh implementations (Istio, Linkerd)
Deployment Models
Docker
● Docker allows running multiple services on the same host machine
● Not only exposing a different environment to each of them, but also isolating them from each other
Kubernetes
● Kubernetes abstracts away the hardware infrastructure and exposes your whole deployment as a single enormous computational resource
● Allows you to easily deploy and manage containerized applications on top of it
Kubernetes (Pods)
[Diagram: two worker nodes (Worker Node 1, Worker Node 2), each running three pods (Pod 1 to Pod 6) of one or two containers; every pod has its own IP address, e.g. 10.1.0.1]
Sidecar
Security Sidecar
[Diagram: a single pod containing the microservice and a security sidecar; the sidecar handles the token, the PDP, user-info and introspection on the microservice's behalf]
Summary
● The microservices paradigm introduces a new set of challenges to enforcing security
● Lots of new threats when enforcing application and deployment security in microservices
● API driven strong access delegation capabilities are a MUST for a microservices friendly IAM
THANK YOU
wso2.com

Session 1 - Intro to Robotic Process Automation.pdf
UiPathCommunity
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
ScyllaDB
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
Tobias Schneck
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
zjhamm304
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
UiPathCommunity
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
ScyllaDB
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
Fwdays
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
christinelarrosa
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
Ortus Solutions, Corp
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
DianaGray10
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
FilipTomaszewski5
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 

Recently uploaded (20)

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Christine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptxChristine's Product Research Presentation.pptx
Christine's Product Research Presentation.pptx
 
Session 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdfSession 1 - Intro to Robotic Process Automation.pdf
Session 1 - Intro to Robotic Process Automation.pdf
 
ScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking ReplicationScyllaDB Tablets: Rethinking Replication
ScyllaDB Tablets: Rethinking Replication
 
Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!Containers & AI - Beauty and the Beast!?!
Containers & AI - Beauty and the Beast!?!
 
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...QA or the Highway - Component Testing: Bridging the gap between frontend appl...
QA or the Highway - Component Testing: Bridging the gap between frontend appl...
 
Day 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio FundamentalsDay 2 - Intro to UiPath Studio Fundamentals
Day 2 - Intro to UiPath Studio Fundamentals
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's TipsGetting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
Getting the Most Out of ScyllaDB Monitoring: ShareChat's Tips
 
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin..."$10 thousand per minute of downtime: architecture, queues, streaming and fin...
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...
 
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptxPRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
PRODUCT LISTING OPTIMIZATION PRESENTATION.pptx
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!Introducing BoxLang : A new JVM language for productivity and modularity!
Introducing BoxLang : A new JVM language for productivity and modularity!
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
What is an RPA CoE? Session 2 – CoE Roles
What is an RPA CoE?  Session 2 – CoE RolesWhat is an RPA CoE?  Session 2 – CoE Roles
What is an RPA CoE? Session 2 – CoE Roles
 
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeckPoznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
Poznań ACE event - 19.06.2024 Team 24 Wrapup slidedeck
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 

Talk Microservices to Me: The Role of IAM in Microservice Architecture

  • 1. Talk Microservices to Me: The Role of IAM in Microservices Architecture. Darshana Gunawardana, Technical Lead, WSO2
  • 2. Microservices
    ● The foundation of microservice architecture is about
      ○ Developing a single application as a collection of small and independent services
      ○ That are running in their own process, developed and deployed independently
    ● Provides a focused, scoped and modular approach for application design
    ● Not just about an architectural pattern
      ○ Driven by the primary goal: speed to production
  • 3. Monolithic Applications
    ● All the services are deployed in the same application
    ● The application server itself provides session management features
      ○ All the services can share a user’s login status
    ● The interactions between services are local calls
    ● Authentication is done centrally at an interceptor
    ● Passing login context varies from one platform to another
  • 4. Traditional Application-level Security
    ● Authenticating the end user
      ○ Multiple user repositories
      ○ Multiple IdPs
    ● Authorizing the end user
      ○ Centralized policy enforcement
      ○ Centralized policy evaluation
  • 6. Challenges
    ● Microservices are independent of each other
      ○ Each service has to enforce authentication and authorization
    ● Broader attack surface
    ● Scalability
      ○ Each service will serve thousands of requests per second
      ○ There can be hundreds of microservices
    ● Performance
    ● Deployment complexities
    ● Polyglot architecture
  • 7. Problem: multiple clients need to access secured microservices on behalf of the user
  • 9. Solution: access delegation based on OAuth 2.0
  • 10. OAuth 2.0 (diagram). Actors: Resource Owner, OAuth Client, OAuth Authorization Server, OAuth Resource Server. Labelled steps: the Resource Owner grants access to the OAuth client to access a resource under a provided scope; the client gets a token to access the resource on behalf of the resource owner; the client accesses the resource; an Introspect call between the Resource Server and the Authorization Server.
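The Introspect step on this slide, worked through as an added Go example (not code from the talk or from WSO2): a toy authorization server issues opaque reference tokens and exposes an RFC 7662 introspection endpoint, and a resource server calls that endpoint for every bearer token before checking scope. The server names, token strings, client credentials and the payments:read scope are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"slices"
	"strings"
	"time"
)

// tokenRecord is what the authorization server remembers about an opaque
// (reference) token; the token string itself carries no claims.
type tokenRecord struct {
	Sub, Scope string
	Exp        time.Time
}

// AuthServer is a toy OAuth 2.0 authorization server with an RFC 7662 introspection
// endpoint; rsID/rsPass are the (constructed) credentials a resource server must present.
type AuthServer struct {
	tokens       map[string]tokenRecord
	rsID, rsPass string
}

// introspect serves POST /introspect: only an authenticated resource server may ask,
// and unknown, revoked or expired tokens all come back as inactive without detail.
func (a *AuthServer) introspect(w http.ResponseWriter, r *http.Request) {
	user, pass, ok := r.BasicAuth()
	if !ok || subtle.ConstantTimeCompare([]byte(user), []byte(a.rsID)) != 1 ||
		subtle.ConstantTimeCompare([]byte(pass), []byte(a.rsPass)) != 1 {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	resp := map[string]any{"active": false}
	if rec, found := a.tokens[r.FormValue("token")]; found && time.Now().Before(rec.Exp) {
		resp = map[string]any{"active": true, "sub": rec.Sub, "scope": rec.Scope, "exp": rec.Exp.Unix()}
	}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(resp)
}

// ResourceServer asks the authorization server about every bearer token it receives
// (the Introspect arrow on the slide), then enforces the scope the resource requires.
type ResourceServer struct{ IntrospectURL, ID, Pass, RequiredScope string }

func (rs *ResourceServer) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	tok, isBearer := strings.CutPrefix(r.Header.Get("Authorization"), "Bearer ")
	if !isBearer {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	req, _ := http.NewRequest(http.MethodPost, rs.IntrospectURL, strings.NewReader(url.Values{"token": {tok}}.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(rs.ID, rs.Pass)
	var in struct {
		Active bool   `json:"active"`
		Sub    string `json:"sub"`
		Scope  string `json:"scope"`
	}
	resp, err := http.DefaultClient.Do(req)
	if err == nil {
		defer resp.Body.Close()
		err = json.NewDecoder(resp.Body).Decode(&in)
	}
	switch {
	case err != nil || resp.StatusCode != http.StatusOK:
		w.WriteHeader(http.StatusBadGateway) // fail closed when the AS cannot answer
	case !in.Active:
		w.WriteHeader(http.StatusUnauthorized) // unknown, revoked or expired token
	case !slices.Contains(strings.Fields(in.Scope), rs.RequiredScope):
		w.WriteHeader(http.StatusForbidden) // valid token, but not granted this scope
	default:
		fmt.Fprintf(w, "payments for %s", in.Sub)
	}
}

// Demo runs both servers on loopback with constructed tokens and returns the status
// codes seen for: required scope granted, scope missing, token unknown to the AS.
func Demo() (okScope, wrongScope, unknown int) {
	as := &AuthServer{rsID: "payments-rs", rsPass: "constructed-secret", tokens: map[string]tokenRecord{
		"tok-alice": {"alice", "profile payments:read", time.Now().Add(time.Minute)},
		"tok-bob":   {"bob", "profile", time.Now().Add(time.Minute)},
	}}
	asSrv := httptest.NewServer(http.HandlerFunc(as.introspect))
	defer asSrv.Close()
	rsSrv := httptest.NewServer(&ResourceServer{asSrv.URL, "payments-rs", "constructed-secret", "payments:read"})
	defer rsSrv.Close()
	var codes [3]int
	for i, tok := range []string{"tok-alice", "tok-bob", "tok-unknown"} {
		req, _ := http.NewRequest(http.MethodGet, rsSrv.URL, nil)
		req.Header.Set("Authorization", "Bearer "+tok)
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			panic(err)
		}
		resp.Body.Close()
		codes[i] = resp.StatusCode
	}
	return codes[0], codes[1], codes[2]
}

func main() { fmt.Println(Demo()) } // 200 403 401
```

Three things to notice: the resource server must authenticate to the introspection endpoint, the authorization server answers "inactive" for unknown and expired tokens alike instead of explaining which, and the resource server fails closed (502, never 200) when the authorization server cannot be reached. The cost of this design is the round trip on every request, which is what the self-contained tokens on the next slide remove.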
  • 11. OAuth 2.0 - Self Contained Access Tokens (diagram). Same actors and steps as slide 10, but the token is a JWT and the Resource Server relies on a trust relationship (<Trust>) with the Authorization Server instead of an Introspect call.
  • 12. Microservices Security
    ● Secure development
      ○ Static and dynamic code analysis to make sure we do not introduce security vulnerabilities at the code level
      ○ Should be part of the CI/CD process
      ○ Should have shorter feedback cycles
    ● Secure deployment
      ○ Service-per-host
      ○ Container-level security
    ● Application-level security
      ○ Authenticating and authorizing the end user
      ○ Securing channels between microservices
  • 13. Application-level Security
    ● Edge security
      ○ Authenticating the end user
      ○ Authorizing the end user against the common policies
    ● Service-to-service security
      ○ Share user context securely
      ○ Authorizing against specific policies
  • 18. TLS Mutual Authentication
    ● Each microservice will have its own certificate to prove its identity
    ● How do we provision certificates to each microservice?
    ● How do we deal with certificate revocation?
    ● How do we deal with trust bootstrap?
    ● How do we deal with key rotation?
  • 19. SPIFFE
    ● Secure Production Identity Framework for Everyone
    ● SPIFFE tries to solve the trust bootstrap problem in a platform-agnostic manner
    ● SPIFFE provides an identity to each workload in a microservices deployment, known as the SPIFFE ID
      ○ E.g.: spiffe://acme.com/billing/payments
    ● Implementations: SPIRE, Istio
  • 20. SPIFFE (diagram). Host A and Host B each run a Workload and a SPIRE Agent; SPIRE Server A and SPIRE Server B; arrows labelled Proof of Identity, Retrieve SVID and Verify SVID.
  • 21. SPIFFE / SPIRE (diagram). Components: Workload, SPIRE Agent, SPIRE Server, EC2 Instance and AWS Metadata API, connected by numbered steps 1 to 7.
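The questions on the TLS Mutual Authentication slide and the SPIFFE ID idea, as an added Go example that is not part of the talk or of SPIRE: an in-memory CA stands in for the SPIRE server, each workload gets a short-lived X.509 SVID whose only SAN is its SPIFFE ID, and each side of a mutual-TLS connection verifies the peer's chain and trust domain rather than a hostname. The trust domain acme.com is the slide's own example; the CA name, the SPIFFE paths and the one-hour lifetime are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

const trustDomain = "acme.com" // the one SPIFFE trust domain accepted here (the slide's example)

// identity is a certificate plus its private key: the CA, or a workload's X.509 SVID.
type identity struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must[T any](v T, err error) T { // setup failures (key/cert generation) are fatal
	if err != nil {
		panic(err)
	}
	return v
}

// issue generates a P-256 key and a one-hour certificate from tmpl, signed by ca (self-signed if nil).
func issue(tmpl *x509.Certificate, ca *identity) *identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if ca == nil {
		ca = &identity{tmpl, key}
	}
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Minute), time.Now().Add(time.Hour)
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca.cert, &key.PublicKey, ca.key))
	return &identity{must(x509.ParseCertificate(der)), key}
}

// NewCA stands in for the SPIRE server's signing key, the one root every workload trusts.
func NewCA() *identity {
	return issue(&x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "trust domain CA"}, KeyUsage: x509.KeyUsageCertSign}, nil)
}

// IssueSVID issues a short-lived SVID whose only SAN is the SPIFFE ID: no DNS name, the ID is the identity.
func IssueSVID(ca *identity, spiffeID string) *identity {
	serial := must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)))
	return issue(&x509.Certificate{SerialNumber: serial, URIs: []*url.URL{must(url.Parse(spiffeID))},
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}, ca)
}

// VerifyPeer returns the check a workload runs on a peer's chain: it must chain to the trust-domain
// CA and carry exactly one spiffe:// URI SAN in our domain. The returned ID is what we authorize on.
func VerifyPeer(ca *identity) func(raw [][]byte) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	return func(raw [][]byte) (string, error) {
		leaf, err := x509.ParseCertificate(raw[0])
		if err != nil {
			return "", err
		}
		if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil {
			return "", err
		}
		if len(leaf.URIs) != 1 || leaf.URIs[0].Scheme != "spiffe" || leaf.URIs[0].Host != trustDomain {
			return "", fmt.Errorf("peer SANs %v are not a single SPIFFE ID in trust domain %s", leaf.URIs, trustDomain)
		}
		return leaf.URIs[0].String(), nil
	}
}

// Config builds one workload's mTLS config: present our SVID, insist on the peer's, and run VerifyPeer
// on it. Stock hostname verification is off because the URI SAN is the identity; the callback replaces it.
func Config(me, ca *identity, server bool) *tls.Config {
	verify := VerifyPeer(ca)
	cfg := &tls.Config{
		MinVersion:         tls.VersionTLS13,
		Certificates:       []tls.Certificate{{Certificate: [][]byte{me.cert.Raw}, PrivateKey: me.key}},
		InsecureSkipVerify: true, // only acceptable together with VerifyPeerCertificate below
		VerifyPeerCertificate: func(raw [][]byte, _ [][]*x509.Certificate) error {
			_, err := verify(raw)
			return err
		},
	}
	if server {
		cfg.ClientAuth = tls.RequireAnyClientCert // presence enforced here, validity by the callback
	}
	return cfg
}

func main() {
	ca := NewCA()
	fmt.Println(VerifyPeer(ca)([][]byte{IssueSVID(ca, "spiffe://acme.com/billing/payments").cert.Raw}))
}
```

InsecureSkipVerify only switches off Go's DNS-name check, and RequireAnyClientCert only guarantees that a client certificate was presented; VerifyPeerCertificate is the verification that replaces both, so the three settings must be set together. The revocation and rotation questions on slide 18 are answered here by lifetime rather than by CRLs: an SVID that expires in an hour is re-issued, not revoked.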
  • 22. JWT (JSON Web Token)
    ● Defines a container to transport data between interested parties
    ● There are multiple applications of JWT
      ○ In OpenID Connect the id_token is represented as a JWT
    ● Propagate one’s identity between interested parties
    ● Propagate user entitlements between interested parties
    ● Transfer data securely between interested parties over an unsecured channel
    ● Assert one’s identity, given that the recipient of the JWT trusts the asserting party
  • 23. JWT (JSON Web Token): example token
    eyJhbGciOiJSUzI1NiIsImtpZCI6Ijc4YjRjZjIzNjU2ZGMzOTUzNjRmMWI2YzAyOTA3NjkxZjJjZGZmZTEifQ.eyJpc3MiOiJhY2NvdW50cy5nb29nbGUuY29tIiwic3ViIjoiMTEwNTAyMjUxMTU4OTIwMTQ3NzMyIiwiYXpwIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiZW1haWwiOiJwcmFiYXRoQHdzbzIuY29tIiwiYXRfaGFzaCI6InpmODZ2TnVsc0xCOGdGYXFSd2R6WWciLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXVkIjoiODI1MjQ5ODM1NjU5LXRlOHFnbDcwMWtnb25ub21ucDRzcXY3ZXJodTEyMTFzLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tIiwiaGQiOiJ3c28yLmNvbSIsImlhdCI6MTQwMTkwODI3MSwiZXhwIjoxNDAxOTEyMTcxfQ.TVKv-pdyvk2gW8sGsCbsnkqsrS0T-H00xnY6ETkIfgIxfotvFn5IwKm3xyBMpy0FFe0Rb5Ht8AEJV6PdWyxz8rMgX2HROWqSo_RfEfUpBb4iOsq4W28KftW5H0IA44VmNZ6zU4YTqPSt4TPhyFC9fP2D_Hg7JQozpQRUfbWTJI
  • 24. JWT (JSON Web Token)
    JWS (three segments): BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWS Payload) . BASE64URL-ENCODE(JWS Signature)
    JWE (five segments): BASE64URL-ENCODE(UTF8(JOSE Header)) . BASE64URL-ENCODE(JWE Encrypted Key) . BASE64URL-ENCODE(Initialization Vector) . BASE64URL-ENCODE(Ciphertext) . BASE64URL-ENCODE(Authentication Tag)
  • 26. MicroProfile JWT (MP-JWT)
    ● Interoperable JWT for authentication and authorization
    ● Introduces 2 new claims to the MP-JWT
      ○ "upn": A human-readable claim that uniquely identifies the subject or user principal of the token
      ○ "groups": The token subject's group memberships
    ● Enables Role Based Access Control (RBAC)
  • 27. Policy Evaluation (Central PDP) (diagram). Each Microservice runs in its own Single Container and receives a jwt; every Microservice sends an Authz req to a PDP running in a separate Single Container and receives an Authz resp.
  • 28. Policy Evaluation (Embedded PDP) (diagram). Each Microservice runs in its own Single Container together with an embedded PDP and receives a jwt; each PDP subscribes (<Subscribe>) to a PAP, which publishes policies (<Publish Policies>) to them.
  • 29. Open Policy Agent (OPA)
    ● A lightweight general-purpose policy engine that can be co-located with the service
    ● Can integrate OPA as a sidecar, host-level daemon, or library
    ● Integrated with Spring and service mesh implementations (Istio, Linkerd)
  • 31. Docker
    ● Docker allows multiple services to run on the same host machine
    ● Not only exposing a different environment to each of them, but also isolating them from each other
  • 32. Kubernetes
    ● Kubernetes abstracts away the hardware infrastructure and exposes your whole deployment as a single enormous computational resource
    ● Allows you to easily deploy and manage containerized applications on top of it
  • 33. Kubernetes (Pods) (diagram). Worker Node 1 runs Pod 1 (IP: 10.1.0.1), Pod 2 (IP: 10.1.0.2) and Pod 3 (IP: 10.1.0.3); Worker Node 2 runs Pod 4 (IP: 10.1.0.4), Pod 5 (IP: 10.1.0.2) and Pod 6 (IP: 10.1.0.3). Pods hold either a single Container or Container 1 and Container 2.
  • 36. Summary
    ● The microservices paradigm introduces a new set of challenges for enforcing security
    ● Lots of new threats to application and deployment security in microservices
    ● API-driven, strong access delegation capabilities are a MUST for a microservices-friendly IAM