Spellpoint presentation slides from Ubisecure's IAMwithUBI Nordic IAM event May 2018. How Customer IAM (CIAM) principles and technology can be applied to identities for microservices to provide authentication and authorization of APIs.
2. Microservice has no finger to type with
Securing Access for the non-interactive
24.5.2018 Tero Pasanen, Senior IAM Architect
3. Identity and Access Management (IAM)…
…is needed because not all data can be available to everyone.
So how to grant and enforce the right access efficiently
…and how to ensure security.
4. …this holds true for the more traditional software ecosystem, but what about the modern, agile, API-based architectures?
8. So are we lost in digital transformation?
It’s API, it’s all open to everyone
Someone will take care of it, we’ll have an API for that
Where do you get the data for the access control API?
Someone will take care of it, we’ll have an API for that
13. There are more attack surfaces in the microservices world
14. So we need to authenticate and authorize
Authenticate source and target APIs
To ensure data confidentiality and integrity
Authorize end-user actions
… in the way-way back-end systems
18. Take away
With microservices we still have an end-point - service URL - to protect. Lo and behold - that is just what customer IAM SSO services do.
Be efficient utilizing lightweight protocols like OpenID Connect for authentication and OAuth for authorization.
And provide access to legacy applications using the already established controls.