Duration 08:57
Security in microservice architecture

Nikola Milutinovic
Software Architect at Levi9
Voxxed Days Belgrade 2016
September 28 2016, Belgrade, Serbia
About talk

Topic: IT

Microservices are one possible architectural choice when building scalable systems. With microservices we build many small components, each focused on a business use-case, with clear interfaces between services. Components are designed to work in orchestration, each one a member of the team, with the most commonly used interface being a REST API. With this in mind, we face the challenge of implementing a security system that can follow this chosen architecture without becoming a bottleneck. The choice of a REST API, as a specialization of the HTTP protocol, also narrows down the possible solutions to the problem.

In this talk we will first cover some theoretical aspects of security architectures. Since security systems mostly focus on identification, authentication and authorization, we will look into different implementations of security systems with regard to these three aspects.

Authentication systems will be roughly divided into three categories:

* Local (local user store)
* Distributed (NAS, LDAP, SQL-based)
* Delegated (Kerberos, OAuth2, SAML2)

Authorization is the process of deciding whether some action upon some target, by some entity, should be allowed. Authorization systems can roughly be divided into two groups:

* Target based (UNIX DAC, ACL, ...): the permissions are stored with the object being accessed
* Subject based (RBAC, entitlements): the permissions are attached to the subject performing the action

With this in mind, and with microservices as the platform to secure, we face the challenge of choosing the right security architecture, so that we harness rather than hinder the power of our chosen platform. We will argue that the best choice for a microservice architecture is delegated, token-based authentication. Given that the most prevalent inter-service interface is the REST API, we will look into OAuth2, SAML2 and OAuth2/JWT as authentication and authorization mechanisms, and show how authorization differs when using each of the three. We will show some examples of using OAuth2 + JWT as a token-based mechanism and weigh the pros and cons of each approach. SAML2, being similar in some aspects to JWT, will be briefly mentioned.
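The token-based flow the abstract argues for, as an added example written for this page (it is not code from the talk, the speaker or Levi9): an authorization server mints an OAuth2-style JWT, and a resource service verifies it locally, with no call back to the authorization server, and then applies both authorization styles from the list above, a scope check carried in the token (subject based) and an ACL kept beside the resource (target based). The shared HS256 secret, the issuer URL, the audience names and the ACL table are constructed assumptions; a real deployment would rather use RS256 so that services hold only the issuer's public key.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed assumptions for this example: a shared HS256 secret, an issuer
# URL and audience names. None of these come from the talk.
SECRET = b"example-shared-secret-do-not-reuse"
ISSUER = "https://auth.example.test"


class TokenError(Exception):
    """Raised by verify_token when a token must be rejected (HTTP 401)."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject: str, audience: str, scopes: list, ttl: int = 300, now=None) -> str:
    """Authorization-server side: issue a JWT carrying the caller's identity
    (sub) and entitlements (scope), so resource services need not call back."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl, "scope": " ".join(scopes)}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token: str, audience: str, now=None) -> dict:
    """Resource-service side: validate the token locally. A well-formed token
    is not enough; signature, issuer, audience and expiry are all checked."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    head, body, sig = parts
    header = json.loads(b64url_decode(head))
    # Pin the algorithm instead of trusting the header's "alg" (defeats alg=none).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(SECRET, (head + "." + body).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != ISSUER:
        raise TokenError("bad issuer")
    if claims.get("aud") != audience:  # token minted for a different service
        raise TokenError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise TokenError("expired")
    return claims


# Subject-based authorization: the entitlements travel inside the token.
def authorize_scope(claims: dict, required_scope: str) -> bool:
    return required_scope in claims.get("scope", "").split()


# Target-based authorization: an ACL kept beside the resource (constructed data).
ORDER_ACL = {"order-42": {"alice": {"read", "write"}, "bob": {"read"}}}


def authorize_acl(claims: dict, resource: str, action: str) -> bool:
    return action in ORDER_ACL.get(resource, {}).get(claims["sub"], set())


def handle_request(token: str, resource: str, action: str, now=None):
    """One endpoint of the orders service: authenticate via the token, then
    apply both authorization styles. Returns (HTTP status, reason)."""
    try:
        claims = verify_token(token, audience="orders-service", now=now)
    except TokenError as err:
        return 401, str(err)
    if not authorize_scope(claims, "orders:" + action):
        return 403, "scope missing"
    if not authorize_acl(claims, resource, action):
        return 403, "not on resource ACL"
    return 200, claims["sub"] + " may " + action + " " + resource


if __name__ == "__main__":
    token = mint_token("alice", "orders-service", ["orders:read", "orders:write"])
    print(handle_request(token, "order-42", "write"))
```

The point of the split is where each decision lives: the authorization server is the only party that issues identities and scopes, while every service can verify a token on its own (no per-request round trip, so the security system is not the bottleneck the abstract warns about), and the ACL stays with the service that owns the resource, which is the part a pure scope check cannot express.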
