SPELLPOINT
NORDIC IAM CONFERENCE 2018
Microservice has no finger to type with
Securing Access for the non-interactive
24.5.2018 Tero Pasanen, Senior IAM Architect
Identity and Access Management (IAM)…
…is needed because all data cannot be available to everyone.
So how to grant and enforce the right access efficiently
…and how to ensure security.
…this holds true for the more traditional software ecosystem, but what
about the modern, agile, API based architectures?
Well.
Does it really matter?
I mean, what matters to the end-user?
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC
• Monolith dusty mainframe servers
• Latest buzzword friendly microservices backed by blockchain audit ledgers?
[Diagram: Service 1, Service 2]
What matters to the end-user…
Correct data and trust
…and probably usability too.
So are we lost in digital transformation?
“It’s API, it’s all open to everyone”
“Someone will take care of it, we’ll have an API for that”
“Where do you get the data for the access control API?”
“Someone will take care of it, we’ll have an API for that”
All-out API environment?
• Probably not.
• Consider consistent user rights across different types of sw ecosystems
• Avoid platform lock-in
Microservices ecosystem – Remember SOA?
SOA: People, Process, Practice, Platform
• Existing investments?
• ESB → API Gateway
• SAML → OpenID Connect, OAuth, JWT
• SOA – Agile?
Microservices ecosystem puts agility in the dead center
Agility & DevOps:
• Quick to develop
• Easy to deploy
• Possibly short-lived
• Easily scalable
However…
There are more attack surfaces in the microservices world
So we need to authenticate and authorize
• Authenticate source and target APIs
• To ensure data confidentiality and integrity
• Authorize end-user actions
• ...in the way-way back-end systems
Ways to do it
• API Key: “Do you know who I am?”
• OAuth (possibly with JWT) as bearer token: “I’ve got a ticket to ride”
• MSSL (Mutual Authentication): “...and I can prove it”
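The difference between the first two options, as an added example that is not part of the original slides: an API key only tells the target service which caller is asking, while a signed bearer token also carries an audience, an expiry and a scope that the service can check locally. The service names, key, secret and HS256 shared-secret signing are constructed assumptions; `issue_token` stands in for an OAuth authorization server, which in practice would usually sign with an asymmetric key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values for illustration; not real credentials.
API_KEYS = {"billing-service": "constructed-api-key-123"}
TOKEN_SECRET = b"constructed-shared-secret"
THIS_SERVICE = "orders-api"  # hypothetical name of the protected service


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_api_key(caller, presented):
    """API key: answers 'which caller is this?' and nothing else.
    There is no expiry, audience or scope to evaluate."""
    expected = API_KEYS.get(caller)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), presented.encode())


def sign(signing_input):
    return hmac.new(TOKEN_SECRET, signing_input.encode("ascii"),
                    hashlib.sha256).digest()


def issue_token(subject, audience, scope, ttl, now=None):
    """Stand-in for the authorization server so the example runs offline."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": subject, "aud": audience, "scope": scope, "exp": now + ttl}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(sign(signing_input))


def verify_token(token, required_scope, now=None):
    """Bearer token check done by the target service. Returns (ok, reason)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(claims_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError):
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    # Pin the algorithm; never let the token choose how it is verified.
    if header.get("alg") != "HS256":
        return False, "unexpected alg"
    # Integrity: the claims are only trusted after the signature matches.
    if not hmac.compare_digest(sign(header_b64 + "." + claims_b64), signature):
        return False, "bad signature"
    # Audience: a token minted for another service must not work here.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if THIS_SERVICE not in audiences:
        return False, "wrong audience"
    # Expiry: short-lived services get short-lived credentials.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    # Authorization: OAuth scopes are a space-delimited string.
    if required_scope not in str(claims.get("scope", "")).split():
        return False, "missing scope"
    return True, "ok"


if __name__ == "__main__":
    t = issue_token("billing-service", THIS_SERVICE, "orders:read", ttl=300)
    print(check_api_key("billing-service", "constructed-api-key-123"))
    print(verify_token(t, "orders:read"))
    print(verify_token(t, "orders:write"))
```

Mutual TLS, the third option, authenticates both ends at the transport layer and is not shown here.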
Performance matters
Amazon: 100ms of latency cost 1% in sales
Google: extra 0.5 seconds in search page generation time dropped traffic by 20%
Looks a lot like traditional IAM
Take away
With microservices we still have an end-point, the service URL, to protect. Lo and behold, that is just what customer IAM SSO services do.
Be efficient by utilizing lightweight protocols like OpenID Connect for authentication and OAuth for authorization.
And provide access to legacy applications using the already established controls.
SECURING THE DIGITAL EVOLUTION
END OF PRESENTATION

 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

Spellpoint - Securing Access for Microservices

  • 1. SPELLPOINT Nordic IAM Conference 2018
  • 2. Microservice has no finger to type with: Securing Access for the non-interactive. 24.5.2018, Tero Pasanen, Senior IAM Architect
  • 3. Identity and Access Management (IAM)… …is needed because all data cannot be available to everyone. So how to grant and enforce right accesses efficiently …and how to ensure security.
  • 4. …this holds true for the more traditional software ecosystem, but what about the modern, agile, API based architectures?
  • 5. Well. Does it really matter? I mean, what matters to the end-user?
  • 6. Monolith dusty mainframe servers; Latest buzzword friendly microservices backed by blockchain audit ledgers? (Diagram: Service 1, Service 2)
  • 7. What matters to the end-user… Correct data and trust …and probably usability too.
  • 8. So are we lost in digital transformation? "It’s API, it’s all open to everyone" / "Someone will take care of it, we’ll have an API for that" / "Where do you get the data for the access control API?" / "Someone will take care of it, we’ll have an API for that"
  • 9. All-out API environment? Probably not; Consider consistent user rights across different types of sw ecosystems; Avoid platform lock-in
  • 10. Microservices ecosystem – Remember SOA? SOA: People, Process, Practice, Platform. Existing investments?; ESB / API Gateway; SAML / OpenID Connect, OAuth, JWT; SOA – Agile?
  • 11. Microservices ecosystem puts agility in the dead center. Agility & DevOps: Quick to develop; Easy to deploy; Possibly short-lived; Easily scalable
  • 13. There are more attack surfaces in the microservices world
  • 14. So we need to authenticate and authorize: Authenticate source and target APIs; To ensure data confidentiality and integrity; Authorize end-user actions; .. in the way-way back-end systems
  • 15. Ways to do it: API Key, “Do you know who I am?”; OAuth (possibly with JWT) as bearer token, “I’ve got a ticket to ride”; MSSL (Mutual Authentication), “..and I can prove it”
  • 16. Performance matters. Amazon: 100ms of latency cost 1% in sales. Google: extra 0.5 seconds in search page generation time dropped traffic by 20%.
  • 17. Looks a lot like traditional IAM
  • 18. Take away: With microservices we still have an end-point - service URL - to protect. Lo and behold - that is just what customer IAM SSO services do. Be efficient utilizing lightweight protocols like OpenID Connect for authentication and OAuth for authorization. And provide access to legacy applications using the already established controls.
  • 19. Copyright © Spellpoint Oy, 2000 – 2018 CONFIDENTIAL SECURING THE DIGITAL EVOLUTION
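
The first two mechanisms on slide 15 side by side, as an added example that is not from the talk: an API key check only says who is calling, while a JWT bearer token lets the target service also enforce expiry, audience and scope. The service names, key, secret and claim values are constructed, and HS256 with a shared secret is an assumption standing in for whatever the authorization server actually uses; mutual TLS is not shown.

```python
import base64, hashlib, hmac, json, time

API_KEYS = {"order-svc": "k-3f9a-constructed"}   # constructed sample key
JWT_SECRET = b"constructed-shared-secret"        # constructed; HS256 is an assumption

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(JWT_SECRET, signing_input.encode(), hashlib.sha256).digest()

def check_api_key(client_id, presented):
    """API key: says who is calling, but carries no expiry, audience or scope."""
    expected = API_KEYS.get(client_id)
    return expected is not None and hmac.compare_digest(expected.encode(), presented.encode())

def issue_token(sub, aud, scope, ttl, now=None):
    """Stand-in for the authorization server: issues an HS256-signed JWT."""
    now = int(time.time()) if now is None else now
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": sub, "aud": aud, "scope": scope, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64url(sign(head + '.' + body))}"

def verify_token(token, aud, required_scope, now=None):
    """Resource side: pinned alg, signature, expiry, audience, scope. None = reject."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64url_decode(head)).get("alg") != "HS256":
            return None                      # never let the token choose its own algorithm
        if not hmac.compare_digest(sign(head + "." + body), b64url_decode(sig)):
            return None
        claims = json.loads(b64url_decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) <= now or claims.get("aud") != aud:
        return None
    if required_scope not in claims.get("scope", "").split():
        return None
    return claims

if __name__ == "__main__":
    t = issue_token("order-svc", "billing-api", "invoices:read", ttl=60)
    print(verify_token(t, "billing-api", "invoices:read"))    # accepted: claims dict
    print(verify_token(t, "billing-api", "invoices:write"))   # rejected: scope missing
```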