Authentication & Authorization for the Microservices World

Joachim AndresDirector, Product Management

Authentication & Authorizationfor the Microservices World

KuppingerCole Webinar, Dec 5th, 2017

HTTP(S) / MQTT / COAP / MQTTHTTP(S)

User IdentitiesDevice IdentitiesThing Identities

Region 1 Region 2 Region 3

Data ReplicationHigh Availability

DIRECTORY SERVICES

Agent / Proxy / Standards / REST Edge Controller / Message Broker

REST / LDAP

ForgeRock: Driving Relationships Across People, Services, Things

Partner Run Customer Run

Privacy FirstOffers modern privacy and consent tools including a Profile and Privacy Management dashboard, UMA 2.0 support for compliance with GDPR, PSD2, Open Banking, etc

Identity IntelligencePlatform that enables relationships, access, policy, lifecycle across users, devices and things

Persistent IdentityEliminate digital silos and create unified experience – people, services, things

Run AnywhereRun across multiple landscapes

Massive ScaleHighly-performant, highly available, database for managing millions of relationships

ACCESS MANAGEMENTFine-grained, adaptive authentication, etc

IDENTITY MANAGEMENTProfile & privacy management, relationships, etc

The Microservices World

Authentication vs. Authorization

MS1MS0 MS3MS2

MS4 MS5

Service

Authentication Authorization

AuthN / AuthZProvider

People (and devices)

Services and Things

Characteristicsof a sound security strategy

Simplicity

Consistency

Modernizing

Adaptable

Simplicity Consistency

Modernizing Adaptable

Bringing security to life

Microservices Gateway

MS1MS0 MS3MS2

MS6MS5 MS8MS7

Microservices GatewayForgeRock Identity Gateway

Authentication and Authorization Service

ForgeRock Access Management

Caller

• Token Issuance• Token Validation• Token Exchange

• Enforce token validity• Caching• Signature Validation

Microservices Segmentation

MS1MS0

MS6MS5

MS8MS7

Caller

• Enforce token validity• Caching• Signature Validation• All gateways point to AM

µGatewayForgeRock IG

Microgateways

MS1MS0

Caller

MS3MS2

MS6MS5

MS8MS7

• Enforce token validity• Caching• Signature Validation• All gateways point to AM

Microservices in PaaS environments

Client Load Balancer

ForgeRockAccess Management

ForgeRockIdentity Gateway

ForgeRockService Broker

IDENTITY PLATFORM

CF Route Service

MS1MS0

CF Router

Benefits of Externalizing SecurityThink globally, act locally

Download the ForgeRock Identity Platform white paper at www.forgerock.com/platform/Got questions? Contact us at www.forgerock.com/contact/

Execute a sound security strategy

Leverage a solution that’s simple, consistent, modernizing, and adaptable.

Support DevOps and innovation

Deploy authentication and authorization where you need it, when you need it.

Holistic approach with persistent identity Integrate identity across apps and services for increased security and scale.

Thank You

Authentication & Authorization for the Microservices World

Technology

Authentication - University of Southern Californiacsci530l/slides/lab-authentication-color.pdf · authentication != authorization – authorization establishes what user can do once

Forms Authentication, Authorization, User Accounts, and Roles :: …€¦ · Forms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization Introduction

Authentication Authorization and Accounting Configuration ...AAA Authentication General Configuration Procedure 4 RADIUS Change of Authorization 5 Change-of-Authorization Requests

Authentication, Authorization, & Identity Management

Forms Authentication, Authorization, User Accounts, and ... · PDF fileForms Authentication, Authorization, User Accounts, and Roles :: User-Based Authorization ... ASP.NET makes it

UAG Authentication and Authorization- part1

Authentication and Authorization in gLite

Authentication and Authorization in Condor

Why an API API strategy? - OCTO · PDF fileStateless decoupled µ-services, ... In a microservices implementation, ... • Authentication, Authorization, Accounting is

Forms Authentication, Authorization, User Accounts, and …download.microsoft.com/.../aspnet_tutorial02_FormsAuth_vb.pdf · Forms Authentication, Authorization, User Accounts, and

Authentication, Authorization, and Audit Design Pattern ... · Authentication, Authorization, and Audit Design Pattern: External User Authentication Office of Technology Strategies

Kernel Authentication & Authorization for J2EE … AUTHENTICATION & AUTHORIZATION FOR J2EE (KAAJEE) ... JavaBean Example: ... x Kernel Authentication & Authorization for Java 2 Enterprise

Authentication and Authorization in Asp.Net

Authentication and Authorization Infrastructure

Authentication, Authorization, Accounting Breakout Session

ESPC15 - Extending Authentication and Authorization

Best Practices: Authentication & Authorization Infrastructure€¢Tokens: in modern security standards are all about them. •Decoupling authentication / authorization (OIDC authentication

Authorization and Authentication in gLite

Authentication & Authorization Assaf Gottlieb

Stateless authentication for microservices applications - JavaLand 2015