SlideShare a Scribd company logo

Spellpoint - Securing Access for Microservices

Ubisecure, profile picture
Ubisecure

The document discusses challenges in identity and access management (IAM) within modern microservices architectures, emphasizing the need for efficient access control and security. It highlights the difference between traditional software ecosystems and agile API-based environments while addressing concerns about data confidentiality and integrity. The presentation also recommends using lightweight protocols such as OpenID Connect and OAuth for effective authentication and authorization.

Technology
Related topics:
Digital Identity InsightsIdentity Management
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
SPELLPOINT N O R D I C I A M C O N F E R E N C E 2 0 1 8
Microservice has no finger to type with Securing Access for the non-interactive 24.5.2018 Tero Pasanen, Senior IAM Architect
Identity and Access Management (IAM)… …is needed because all data cannot be available to everyone. So how to grant and enforce right accesses efficiently …and how to ensure security.
…this holds true for the more traditional software ecosystem, but what about the modern, agile, API based architectures?
Well. Does it really matter? I mean, what matters to the end-user?
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC  Monolith dusty mainframe servers  Latest buzzword friendly microservices backed by blockchain audit ledgers? 21a0d5 Service 1 Service 2
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC What matters to the end-user… Correct data and trust …and probably usability too.
So are we lost in digital transformation? It’s API, it’s all open to everyone Someone will take care of it, we’ll have an API for that Where do you get the data for the access control API? Someone will take care of it, we’ll have an API for that
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC All-out API environment?  Probably not.  Consider consistent user rights across different types of sw ecosystems  Avoid platform lock-in
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem – Remember SOA? SOA People Process Practice Platform  Existing investments?  ESB  API Gateway  SAML  OpenID Connect, Oauth, JWT  SOA – Agile?
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem puts agility in the dead center Agility & DevOps Quick to develop Easy to deploy Possibly short- lived Easily scalable
However…
There are more attack surfaces in the microservices world
So we need to authenticate and authorize  Authenticate source and target API’s  To ensure data confidentiality and integrity  Authorize end-user actions  .. in the way-way back-end systems
Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Ways to do it  API Key “Do you know who I am?”  OAuth (possibly with JWT) as bearer token “I’ve got a ticket to ride”  MSSL (Mutual Authentication) “..and I can prove it”
Performance matters Amazon: 100ms of latency cost 1% in sales Google: extra 0.5 seconds in search page generation time dropped traffic by 20%
Looks a lot like traditional IAM
Take away With microservices we still have an end-point - service URL - to protect. Lo-and- behold - that is just what customer IAM SSO services do. Be efficient utilizing light weight protocols like OpenID Connect for authentication and OAuth for authorization. And provide access to legacy applications using the already established controls.
Copyright © Spellpoint Oy, 2000 – 2018 CONFIDENTIAL SECURING THE DIGITAL EVOLUTION
END OF PRESENTATION

More Related Content

PDF
Kantara - Digital Identity in 2018
Ubisecure
 
PDF
Aditro - IAM as part of Cloud Business strategy
Ubisecure
 
PDF
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
Ubisecure
 
PDF
Inside Security - Strong Authentication with Smartphones
Ubisecure
 
PDF
Open Identity Exchange - the Global Growth of Digital Identity
Ubisecure
 
PDF
Telia - The New Norm of the Digital World
Ubisecure
 
PDF
Blockchain with iot
SuryaKumarSahani
 
PDF
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 
Kantara - Digital Identity in 2018
Ubisecure
 
Aditro - IAM as part of Cloud Business strategy
Ubisecure
 
GSMA - How To Combine Cross-border eID Recognition With Convenience For Users...
Ubisecure
 
Inside Security - Strong Authentication with Smartphones
Ubisecure
 
Open Identity Exchange - the Global Growth of Digital Identity
Ubisecure
 
Telia - The New Norm of the Digital World
Ubisecure
 
Blockchain with iot
SuryaKumarSahani
 
Extending the Power of Consent with User-Managed Access & OpenUMA
kantarainitiative
 

What's hot (20)

PDF
The Future of Identity - OpenID Summit 2020
OpenID Foundation Japan
 
PDF
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Cohesive Networks
 
PDF
Go Beyond PSD2 Compliance with Digital Identity
ForgeRock
 
PPTX
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
ForgeRock
 
PDF
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
PDF
SecureMAG Volume 6 - 2014
Chin Wan Lim
 
PPTX
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
PDF
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
ForgeRock
 
PDF
SecureMAG Vol 3
Chin Wan Lim
 
PDF
Trends in IRM: Internet of Things
ForgeRock
 
PDF
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
PDF
case-study-on-digital-identity-swisscom-mobile-id_en
Alix Murphy
 
PDF
Belgian mobile ID presents itsme
Belgian Mobile ID - itsme
 
PPTX
Smart City Lecture 1: How to build a Smart City
Peter Waher
 
PDF
A digital society needs a digital id
Capgemini
 
PDF
A Telco and End-user Perspective on the Authentication Journey
FIDO Alliance
 
PDF
Loqr
Caixa Geral Depósitos
 
PDF
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID - itsme
 
PDF
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
PPTX
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
ForgeRock
 
The Future of Identity - OpenID Summit 2020
OpenID Foundation Japan
 
Chris Swan's presentation from the London Tech Entrepreneurs' Meetup
Cohesive Networks
 
Go Beyond PSD2 Compliance with Digital Identity
ForgeRock
 
Consent 2.0: Applying User-Managed Access to the Privacy Challenge
ForgeRock
 
Blockchain Decentralized Identifier (DID) Innovation Insights from Patents
Alex G. Lee, Ph.D. Esq. CLP
 
SecureMAG Volume 6 - 2014
Chin Wan Lim
 
IDENTITY IN THE WORLD OF IOT
ForgeRock
 
The ForgeRock Identity Platform Extends CIAM, Fall 2017 Release
ForgeRock
 
SecureMAG Vol 3
Chin Wan Lim
 
Trends in IRM: Internet of Things
ForgeRock
 
Intelligent Authentication (Identity Live Berlin 2018)
ForgeRock
 
case-study-on-digital-identity-swisscom-mobile-id_en
Alix Murphy
 
Belgian mobile ID presents itsme
Belgian Mobile ID - itsme
 
Smart City Lecture 1: How to build a Smart City
Peter Waher
 
A digital society needs a digital id
Capgemini
 
A Telco and End-user Perspective on the Authentication Journey
FIDO Alliance
 
Loqr
Caixa Geral Depósitos
 
Belgian Mobile ID: taking digital ID to another level
Belgian Mobile ID - itsme
 
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
 
Gartner - ForgeRock Identity Live 2017 - Dusseldorf
ForgeRock
 
Ad

Similar to Spellpoint - Securing Access for Microservices (20)

PPTX
Leveraging open banking specifications for rigorous API security – What’s in...
Rogue Wave Software
 
PDF
[WSO2Con USA 2018] Integration is Sexy
WSO2
 
PDF
[WSO2Con Asia 2018] Integration is Sexy
WSO2
 
PPTX
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Codit
 
PDF
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
apidays
 
PPTX
Identity as a Matter of Public Safety
Adam Lewis
 
PDF
CWIN17 Rome / AI and data insights
Capgemini
 
PPTX
Identity and Client Management using OpenID Connect and SAML
pqrs1234
 
PPTX
AI Microservices APIs and Business Automation as a Service Denis Gagne
Denis Gagné
 
PDF
[WSO2 Summit Brazil 2018] The API-driven World
WSO2
 
PDF
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
PDF
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Capgemini
 
PDF
Enabling a Real-Time, Agile, Event-Driven Enterprise
Solace
 
PDF
RISE OF THE MACHINES: IRM IN AN IOT WORLD
ForgeRock
 
PDF
Gartner: Top 10 Technology Trends 2015
Den Reymer
 
PDF
Oracle Code Capgemini: API management & microservices a match made in heaven
luisw19
 
PPTX
Advanced Event Broker: what are they, and when should you use one?
Solace
 
PDF
2022 APIsecure_Harnessing the Speed of Innovation
APIsecure_ Official
 
PDF
OUGN 2018 - Chatbot and the need to integrate
Jon Petter Hjulstad
 
PDF
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays
 
Leveraging open banking specifications for rigorous API security – What’s in...
Rogue Wave Software
 
[WSO2Con USA 2018] Integration is Sexy
WSO2
 
[WSO2Con Asia 2018] Integration is Sexy
WSO2
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Codit
 
INTERFACE, by apidays - Knowledge Workers of the World Unite.pdf
apidays
 
Identity as a Matter of Public Safety
Adam Lewis
 
CWIN17 Rome / AI and data insights
Capgemini
 
Identity and Client Management using OpenID Connect and SAML
pqrs1234
 
AI Microservices APIs and Business Automation as a Service Denis Gagne
Denis Gagné
 
[WSO2 Summit Brazil 2018] The API-driven World
WSO2
 
MuleSoft Surat Virtual Meetup#19 - Identity and Client Management With MuleSoft
Jitendra Bafna
 
Oracle Code Beijing/Sydney APIM & Microservices: A Match Made in Heaven
Capgemini
 
Enabling a Real-Time, Agile, Event-Driven Enterprise
Solace
 
RISE OF THE MACHINES: IRM IN AN IOT WORLD
ForgeRock
 
Gartner: Top 10 Technology Trends 2015
Den Reymer
 
Oracle Code Capgemini: API management & microservices a match made in heaven
luisw19
 
Advanced Event Broker: what are they, and when should you use one?
Solace
 
2022 APIsecure_Harnessing the Speed of Innovation
APIsecure_ Official
 
OUGN 2018 - Chatbot and the need to integrate
Jon Petter Hjulstad
 
apidays Helsinki & North 2023 - API Security in the era of Generative AI, Mat...
apidays
 
Ad

More from Ubisecure (17)

PDF
User Management, Enablement, Directory
Ubisecure
 
PDF
Identity Platform Use Cases
Ubisecure
 
PDF
Single Sign-On
Ubisecure
 
PDF
Multi-Factor Authentication & Authorisation
Ubisecure
 
PDF
Identity Data & Credential Self-Service
Ubisecure
 
PDF
Using Strong / Verified Identities
Ubisecure
 
PDF
Using Social & Business Identities
Ubisecure
 
PDF
Delegation of Authority
Ubisecure
 
PDF
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
PDF
Protecting your APIs with OAuth 2.0
Ubisecure
 
PDF
Customer IAM vs Employee IAM (Legacy IAM)
Ubisecure
 
PDF
An Introduction to Authentication for Applications
Ubisecure
 
PDF
Introduction to Mobile Connect
Ubisecure
 
PDF
General Data Protection Regulation & Customer IAM
Ubisecure
 
PDF
SSH - Credentialess Cloud Access
Ubisecure
 
PDF
Nixu - Passwords must Die!
Ubisecure
 
PDF
FICORA - Building a Trust Network on Strong Identification
Ubisecure
 
User Management, Enablement, Directory
Ubisecure
 
Identity Platform Use Cases
Ubisecure
 
Single Sign-On
Ubisecure
 
Multi-Factor Authentication & Authorisation
Ubisecure
 
Identity Data & Credential Self-Service
Ubisecure
 
Using Strong / Verified Identities
Ubisecure
 
Using Social & Business Identities
Ubisecure
 
Delegation of Authority
Ubisecure
 
SAML VS OAuth 2.0 VS OpenID Connect
Ubisecure
 
Protecting your APIs with OAuth 2.0
Ubisecure
 
Customer IAM vs Employee IAM (Legacy IAM)
Ubisecure
 
An Introduction to Authentication for Applications
Ubisecure
 
Introduction to Mobile Connect
Ubisecure
 
General Data Protection Regulation & Customer IAM
Ubisecure
 
SSH - Credentialess Cloud Access
Ubisecure
 
Nixu - Passwords must Die!
Ubisecure
 
FICORA - Building a Trust Network on Strong Identification
Ubisecure
 

Recently uploaded (20)

PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Teaching material agriculture food technology
LiaRayya
 
Cloud computing and distributed systems.
kkkkkhan
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Shreyas Phanse Resume: Experienced Backend Engineer | Java • Spring Boot • Ka...
SHREYAS PHANSE
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 

Spellpoint - Securing Access for Microservices

  • 1. SPELLPOINT N O R D I C I A M C O N F E R E N C E 2 0 1 8
  • 2. Microservice has no finger to type with Securing Access for the non-interactive 24.5.2018 Tero Pasanen, Senior IAM Architect
  • 3. Identity and Access Management (IAM)… …is needed because all data cannot be available to everyone. So how to grant and enforce right accesses efficiently …and how to ensure security.
  • 4. …this holds true for the more traditional software ecosystem, but what about the modern, agile, API based architectures?
  • 5. Well. Does it really matter? I mean, what matters to the end-user?
  • 6. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC  Monolith dusty mainframe servers  Latest buzzword friendly microservices backed by blockchain audit ledgers? 21a0d5 Service 1 Service 2
  • 7. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC What matters to the end-user… Correct data and trust …and probably usability too.
  • 8. So are we lost in digital transformation? It’s API, it’s all open to everyone Someone will take care of it, we’ll have an API for that Where do you get the data for the access control API? Someone will take care of it, we’ll have an API for that
  • 9. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC All-out API environment?  Probably not.  Consider consistent user rights across different types of sw ecosystems  Avoid platform lock-in
  • 10. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem – Remember SOA? SOA People Process Practice Platform  Existing investments?  ESB  API Gateway  SAML  OpenID Connect, Oauth, JWT  SOA – Agile?
  • 11. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Microservices ecosystem puts agility in the dead center Agility & DevOps Quick to develop Easy to deploy Possibly short- lived Easily scalable
  • 13. There are more attack surfaces in the microservices world
  • 14. So we need to authenticate and authorize  Authenticate source and target API’s  To ensure data confidentiality and integrity  Authorize end-user actions  .. in the way-way back-end systems
  • 15. Copyright © Spellpoint Oy, 2000 – 2018 PUBLIC Ways to do it  API Key “Do you know who I am?”  OAuth (possibly with JWT) as bearer token “I’ve got a ticket to ride”  MSSL (Mutual Authentication) “..and I can prove it”
  • 16. Performance matters Amazon: 100ms of latency cost 1% in sales Google: extra 0.5 seconds in search page generation time dropped traffic by 20%
  • 17. Looks a lot like traditional IAM
  • 18. Take away With microservices we still have an end-point - service URL - to protect. Lo-and- behold - that is just what customer IAM SSO services do. Be efficient utilizing light weight protocols like OpenID Connect for authentication and OAuth for authorization. And provide access to legacy applications using the already established controls.
  • 19. Copyright © Spellpoint Oy, 2000 – 2018 CONFIDENTIAL SECURING THE DIGITAL EVOLUTION