Suche senden
Hochladen
Securing MicroServices - ConFoo 2017
•
2 gefällt mir
•
610 views
Majid Fatemian
Folgen
Here are the slides for the talk, "Securing MicroService".
Weniger lesen
Mehr lesen
Software
Melden
Teilen
Melden
Teilen
1 von 67
Jetzt herunterladen
Downloaden Sie, um offline zu lesen
Empfohlen
Microservices
Microservices
Artur Prado
Get more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo Montreal
Maarten Balliauw
Microservices Minus the Hype: How to Build and Why
Microservices Minus the Hype: How to Build and Why
Mark Heckler
Monitoring system with Grafana and StatsD
Monitoring system with Grafana and StatsD
Artur Prado
Docker and java, at Montréal JUG
Docker and java, at Montréal JUG
Anthony Dahanne
The Soul in The Machine - Developing for Humans
The Soul in The Machine - Developing for Humans
Christian Heilmann
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo Montreal
Maarten Balliauw
The Progressive Web and its New Challenges - Confoo Montréal 2017
The Progressive Web and its New Challenges - Confoo Montréal 2017
Christian Heilmann
Empfohlen
Microservices
Microservices
Artur Prado
Get more than a cache back! - ConFoo Montreal
Get more than a cache back! - ConFoo Montreal
Maarten Balliauw
Microservices Minus the Hype: How to Build and Why
Microservices Minus the Hype: How to Build and Why
Mark Heckler
Monitoring system with Grafana and StatsD
Monitoring system with Grafana and StatsD
Artur Prado
Docker and java, at Montréal JUG
Docker and java, at Montréal JUG
Anthony Dahanne
The Soul in The Machine - Developing for Humans
The Soul in The Machine - Developing for Humans
Christian Heilmann
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo Montreal
Maarten Balliauw
The Progressive Web and its New Challenges - Confoo Montréal 2017
The Progressive Web and its New Challenges - Confoo Montréal 2017
Christian Heilmann
Accessible & Usable Web Forms. Your How To Guide!
Accessible & Usable Web Forms. Your How To Guide!
Rabab Gomaa
ConFoo 2017: Introduction to performance optimization of .NET web apps
ConFoo 2017: Introduction to performance optimization of .NET web apps
Pierre-Luc Maheu
Sensible scaling
Sensible scaling
Rowan Merewood
Git store
Git store
Kirsten Hunter
Api intensive - What they Are
Api intensive - What they Are
Kirsten Hunter
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Mark Heckler
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Mark Heckler
Designing irresistible apis
Designing irresistible apis
Kirsten Hunter
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Mark Heckler
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Mark Heckler
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Mark Heckler
Going Reactive with Spring 5 & Project Reactor
Going Reactive with Spring 5 & Project Reactor
Mark Heckler
Protect your Users with Circuit breakers
Protect your Users with Circuit breakers
Scott Triglia
Techniques for Cross Platform .NET Development
Techniques for Cross Platform .NET Development
Jeremy Hutchinson
Making The Most Of Internship
Making The Most Of Internship
Pramod Kumar Srivastava
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
apidays
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
Codemotion
PistonHead's use of MongoDB for Analytics
PistonHead's use of MongoDB for Analytics
Andrew Morgan
Losant craig baldwin cwin18_toulouse
Losant craig baldwin cwin18_toulouse
Capgemini
126 Golconde
126 Golconde
elliando dias
Office Developers Conference - Financial Services OBAs
Office Developers Conference - Financial Services OBAs
Mike Walker
Weitere ähnliche Inhalte
Andere mochten auch
Accessible & Usable Web Forms. Your How To Guide!
Accessible & Usable Web Forms. Your How To Guide!
Rabab Gomaa
ConFoo 2017: Introduction to performance optimization of .NET web apps
ConFoo 2017: Introduction to performance optimization of .NET web apps
Pierre-Luc Maheu
Sensible scaling
Sensible scaling
Rowan Merewood
Git store
Git store
Kirsten Hunter
Api intensive - What they Are
Api intensive - What they Are
Kirsten Hunter
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Mark Heckler
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Mark Heckler
Designing irresistible apis
Designing irresistible apis
Kirsten Hunter
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Mark Heckler
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Mark Heckler
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Mark Heckler
Going Reactive with Spring 5 & Project Reactor
Going Reactive with Spring 5 & Project Reactor
Mark Heckler
Protect your Users with Circuit breakers
Protect your Users with Circuit breakers
Scott Triglia
Techniques for Cross Platform .NET Development
Techniques for Cross Platform .NET Development
Jeremy Hutchinson
Making The Most Of Internship
Making The Most Of Internship
Pramod Kumar Srivastava
Andere mochten auch
(15)
Accessible & Usable Web Forms. Your How To Guide!
Accessible & Usable Web Forms. Your How To Guide!
ConFoo 2017: Introduction to performance optimization of .NET web apps
ConFoo 2017: Introduction to performance optimization of .NET web apps
Sensible scaling
Sensible scaling
Git store
Git store
Api intensive - What they Are
Api intensive - What they Are
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Living on the Edge (Service): Bundling Microservices to Optimize Consumption ...
Designing irresistible apis
Designing irresistible apis
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
This stuff is cool, but...HOW CAN I GET MY COMPANY TO DO IT?
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Clouds & Containers: Hit the High Points and Give it to Me Straight, What's t...
Going Reactive with Spring 5 & Project Reactor
Going Reactive with Spring 5 & Project Reactor
Protect your Users with Circuit breakers
Protect your Users with Circuit breakers
Techniques for Cross Platform .NET Development
Techniques for Cross Platform .NET Development
Making The Most Of Internship
Making The Most Of Internship
Ähnlich wie Securing MicroServices - ConFoo 2017
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Robert Brandel
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
apidays
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
Codemotion
PistonHead's use of MongoDB for Analytics
PistonHead's use of MongoDB for Analytics
Andrew Morgan
Losant craig baldwin cwin18_toulouse
Losant craig baldwin cwin18_toulouse
Capgemini
126 Golconde
126 Golconde
elliando dias
Office Developers Conference - Financial Services OBAs
Office Developers Conference - Financial Services OBAs
Mike Walker
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon
Oracle Goldengate for Big Data - LendingClub Implementation
Oracle Goldengate for Big Data - LendingClub Implementation
Vengata Guruswamy
LendingClub RealTime BigData Platform with Oracle GoldenGate
LendingClub RealTime BigData Platform with Oracle GoldenGate
Rajit Saha
AWS Neptune - A Fast and reliable Graph Database Built for the Cloud
AWS Neptune - A Fast and reliable Graph Database Built for the Cloud
Amazon Web Services
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Andy Maleh
IoT Developer Confrence - A Novel Approach: IoT Device Virtualization using M...
IoT Developer Confrence - A Novel Approach: IoT Device Virtualization using M...
KnowThings
CQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspective
Maria Gomez
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
TI Safe
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Stefan Streichsbier
EDA Meets Data Engineering – What's the Big Deal?
EDA Meets Data Engineering – What's the Big Deal?
confluent
GE’s Industrial Data Lake Platform
GE’s Industrial Data Lake Platform
International Society of Service Innovation Professionals
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Amazon Web Services
Ähnlich wie Securing MicroServices - ConFoo 2017
(20)
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
Slideshare.net rh-isac summit 2019 - adam pennington - leveraging mitre at ta...
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
APIsecure 2023 - What if privacy had an API?, Sean Falconer (Skyflow)
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
Boxcars and Cabooses: When one more XHR is too much - Peter Chittum - Codemot...
PistonHead's use of MongoDB for Analytics
PistonHead's use of MongoDB for Analytics
Losant craig baldwin cwin18_toulouse
Losant craig baldwin cwin18_toulouse
126 Golconde
126 Golconde
Office Developers Conference - Financial Services OBAs
Office Developers Conference - Financial Services OBAs
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
DevSecCon London 2018: Securing a web app: business security VS the OWASP top 10
Oracle Goldengate for Big Data - LendingClub Implementation
Oracle Goldengate for Big Data - LendingClub Implementation
LendingClub RealTime BigData Platform with Oracle GoldenGate
LendingClub RealTime BigData Platform with Oracle GoldenGate
AWS Neptune - A Fast and reliable Graph Database Built for the Cloud
AWS Neptune - A Fast and reliable Graph Database Built for the Cloud
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
Becoming a SOC2 Ruby Shop - Montreal.rb November, 5, 2022 Ruby Meetup
IoT Developer Confrence - A Novel Approach: IoT Device Virtualization using M...
IoT Developer Confrence - A Novel Approach: IoT Device Virtualization using M...
CQRS and Event Sourcing: A DevOps perspective
CQRS and Event Sourcing: A DevOps perspective
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
CLASS 2022 - Felipe Jordão (Palo Alto Networks) - Boas práticas de operações ...
Practical Secure Coding Workshop - {DECIPHER} Hackathon
Practical Secure Coding Workshop - {DECIPHER} Hackathon
EDA Meets Data Engineering – What's the Big Deal?
EDA Meets Data Engineering – What's the Big Deal?
GE’s Industrial Data Lake Platform
GE’s Industrial Data Lake Platform
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017
Kürzlich hochgeladen
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
tonesoftg
tonesoftg
lanshi9
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
masabamasaba
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
WSO2
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
Jittipong Loespradit
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
Shane Coughlan
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
masabamasaba
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
SelfMade bd
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
WSO2
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
masabamasaba
Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid
Philip Schwarz
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
Jim McKeeth
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
masabamasaba
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
masabamasaba
Kürzlich hochgeladen
(20)
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
tonesoftg
tonesoftg
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
Securing MicroServices - ConFoo 2017
1.
SECURINGMICRO-SERVICES
2.
Majid Fatemian R E
D V E N T U R E S @majidfn
3.
TECHNOLOGY-DRIVEN CUSTOMER ACQUISITION SALES &
MARKETING
4.
TRACKING ANALYTICS BILLING ORDERING CHAT FINE-GRAINED TECHNOLOGY / PROTOCOL
AGNOSTIC ELASTIC, RESILIENT
5.
TRACKING GEO ROUTING DATA SCIENCE RULES ENGINE INTERACTIVE VOICE RESPONSE ORDER BILLING SERVICE ABILITY CHAT COMPLIANCE ANALYTICS PHONE NUMBER ASSIGNMENT
6.
01011 REDVENTURES ✔ ✔ ✘✔ ✘ ✘
7.
VS. AUTHORIZATION AUTHENTICATION
8.
AUTHORIZATION VERIFYING THE IDENTITY
OF A USER / PROCESS PERMITTING ACCESS / ACTION TO RESOURCES AUTHENTICATION
9.
AUTHENTICATION
10.
REUSE VS. BUILD
11.
AUTHENTICATION 1 ACTIVE DIRECTORY
12.
ACTIVE DIRECTORY Application
13.
Application External Internal
14.
AUTHENTICATION OKTA 1 2 ACTIVE DIRECTORY
15.
ACTIVE DIRECTORY SAM L Application External Internal
16.
SAML - SECURITY
ASSERTION MARKUP LANGUAGE SERVICE PROVIDER USER IDENTITY PROVIDER Request resource Redirects to SSO Identify User SAML Respond with requested Resource SAML
17.
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="pfx41d8ef22- e612-8c50-9960-1b16f15741b3" Version="2.0" ProviderName="SP test" IssueInstant="2014-07-16T23:52:45Z" Destination="http://idp.example.com/ SSOService.php" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://sp.example.com/demo1/ index.php?acs"> <saml:Issuer>http://sp.example.com/demo1/metadata.php</saml:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#pfx41d8ef22-e612-8c50-9960-1b16f15741b3"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>yJN6cXUwQxTmMEsPesBP2NkqYFI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>g5eM9yPnKsmmE/Kh2qS7nfK8HoF…3socPqAi2Qf97E=</ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate>MIICajCCAdOgAwIBAgIBADANBgkqhkiG9w0BAQQ…….BpspRYT+kAGiFomHop1nErV6Q==</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/> <samlp:RequestedAuthnContext Comparison="exact"> <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext> </samlp:AuthnRequest>
18.
ACTIVE DIRECTORY SAM L SERVICE 1 SERVICE 2 SERVICE 3 SAML
19.
AUTHENTICATION OKTA 1 2 3 JWT (JSON
WEB TOKEN) ACTIVE DIRECTORY
20.
ACTIVE DIRECTORY SAM L + JWT JWT SERVICE 1 SERVICE 2 SERVICE 3
21.
JWT Identity Provider SERVICE PublicPrivate + JWT
22.
JWT eyJXAiiJKV1Qi.eyJ1c2VySWQi4ZjItOGZhYi1jZWYzOTAjYwYQ.-xHVTCMdoHrcZxH Header Payload Signature
23.
JWT - PAYLOAD { "email":
"mfatemian@redventures.com", "userName": "mfatemian", "firstName": "Majid", "lastName": "Fatemian", "employeeID": "11520", "jti": "7bc4561ab-b6c8e2-76b1-31a3-a9bb90fb67c", "iat": 1487910598, "exp": 1487953798 }
24.
AUTHORIZATION
25.
Read
26.
AUTHORIZATION CAN USER READ
FROM ATT&T IN ANALYTICS? CAN USER READ FROM VERIZON IN ANALYTICS? ✔ ✘
27.
THE PROBLEM AD GROUPS
CUSTOM AD GROUPS CUSTOM
28.
▸Scattered ▸Inconsistent ▸No Monitoring ▸No Centralized
control
29.
DESIRED SOLUTION ▸ Centralized ▸
Simple ▸ Scalable ▸ Monitoring ▸ Easily Manageable
30.
EXISTING AUTHZ SOLUTIONS SERVICE 1 SERVICE 2 SERVICE 3 SERVICE 4 SERVICE 5 SERVICE 6 AUTHORIZATION
31.
+ JWT SERVICE 1 SERVICE 2 SERVICE 3 SERVICE 4 SERVICE 5 SERVICE 6 AUTHORIZATION 1 ROUND TRIP
/ ACTION EXISTING AUTHZ SOLUTIONS
32.
▸ Round-trips ▸ Roles,
Groups, etc ▸ Complex
33.
▸ Round-trips ▸ Roles,
Groups, etc ▸ Complex
34.
SIMPLIFIED AUTHORIZATION
35.
Read
36.
AREA 1 AREA 2 AREA
3 Action
37.
AREASERVICE ACTION analytics verizon
write
38.
SERVICE ACTIONGLOBAL analytics writeglobal
39.
Action GLOBAL
40.
AREA 1 AREA 2 AREA
3 Action GLOBAL
41.
{ "analytics": { "write":
["verizon", "att"], "read": ["global"] }, "data_science": { "report": ["att"] } }
42.
JWT - PAYLOAD { "email":
"mfatemian@redventures.com", "userName": "mfatemian", "firstName": "Majid", "lastName": "Fatemian", "employeeID": "11520", "permissions":{"analytics": {"write": ["verizon","att"],"read": ["global"]},"data_science": {"report": ["att"]}}, "jti": "7bc4561ab-b6c8e2-76b1-31a3-a9bb90fb67c", "iat": 1487910598, "exp": 1487953798 }
43.
JWT - PAYLOAD { "email":
"mfatemian@redventures.com", "userName": "mfatemian", "firstName": "Majid", "lastName": "Fatemian", "employeeID": "11520", "permissions":{"analytics": {"write": ["verizon","att"],"read": ["global"]},"data_science": {"report": ["att"]}}, "jti": "7bc4561ab-b6c8e2-76b1-31a3-a9bb90fb67c", "iat": 1487910598, "exp": 1487953798 }
44.
45.
HTTP 413 -
REQUEST ENTITY TOO LARGE Default Header 8K
46.
gzip | base64
47.
JWT - PAYLOAD { "email":
"mfatemian@redventures.com", "userName": "mfatemian", "firstName": "Majid", "lastName": "Fatemian", "employeeID": "11520", "permissions": "H4sIAAmrs1gAAx3L…qAIBRF0XnLeGN", "jti": "7bc4561ab-b6c8e2-76b1-31a3-a9bb90fb67c", "iat": 1487910598, "exp": 1487953798 }
48.
JWT - PAYLOAD { "email":
"mfatemian@redventures.com", "userName": "mfatemian", "firstName": "Majid", "lastName": "Fatemian", "employeeID": "11520", "permissions": "H4sIAAmrs1gAAx3L…qAIBRF0XnLeGN", "jti": "7bc4561ab-b6c8e2-76b1-31a3-a9bb90fb67c", "iat": 1487910598, "exp": 1487953798 }
49.
SAML JWT SERVICE 1 SERVICE 2 SERVICE 3 + JWT
50.
SAML + JWT + PERMISSIONS JWT SERVICE 1 SERVICE 2 SERVICE 3 AUTHORIZATION PERMISSIONS
51.
+ JWT DATASCIENCE ATT&T READ Y /
N {
52.
▸ Centralized ▸ Simple ▸
Scalable ▸ Monitoring ▸ Easily Manageable
53.
SAML + JWT + PERMISSIONS JWT SERVICE 1 SERVICE 2 SERVICE 3 AUTHORIZATION PERMISSIONS
54.
SAML + JWT + PERMISSIONS JWT SERVICE 1 SERVICE 2 SERVICE 3 AUTHORIZATION PERMISSIONS MANAGEMENT
55.
AUTHORIZATION SERVICE, AUTHORIZES
ITSELF + JWT AUTHORIZATION DATA SCIENCE ADD USER Y / N {
56.
INTEGRATION
57.
THE PROBLEM AD GROUPS
CUSTOM AD GROUPS CUSTOM
58.
CLIENT LIBS }golang C# JavaScript PHP
59.
IsAuthorized(JWT, "data_science", "verizon",
"read") True | False
60.
TRACKING ANALYSIS BILLING ORDERING SERVICE ABILITY GEO CHAT 01011 R E
D V E N T U R E S DATA SCIENCE
61.
TRACKING ANALYSIS BILLING ORDERING SERVICE ABILITY GEO CHAT 01011 R E
D V E N T U R E S DATA SCIENCE
62.
MONITORING & ALERTING TRACKING ANALYSIS BILLING ORDERING
SERVICE ABILITY MONITORING ALERTING DATA SCIENCE LOGGING
63.
▸ Centralized ▸ Simple ▸
Scalable ▸ Monitoring ▸ Easily Manageable
64.
▸ Open source ▸
Okta dependency FUTURE WORK
65.
REUSE BUILD1 2 TOKEN
BASED AUTH 3 SIMPLE ≠ INSECURE >
66.
THANK YOU! QUESTIONS?
Jetzt herunterladen