Overview
Explore a comprehensive overview of securing modern API and microservice-based applications in this 45-minute conference talk from LASCON 2019. Gain a high-level understanding of contemporary API and microservices architectures, learn about key security concerns, and discover best practices for securing microservices and their APIs. Benefit from the speaker's extensive experience in building security architecture patterns and solutions for a major global financial institution, and acquire actionable architectural insights. Delve into topics such as monolithic vs. microservice applications, service-oriented architecture, API gateways, security benefits, user-level security context, end-to-end trust, service-level mutual authentication, token exchange, authorization, rate limiting, and group policy.
Syllabus
Introduction
Presentation Overview
Agenda
What are Microservices
Monolithic Applications
Microservice Applications
Service-Oriented Architecture
Microservices
API
Web API
API Gateway
Security Benefits
Non-Security Benefits
User Level Security Context
End-to-End Trust
Service Level Mutual Authentication
Token Exchange Endpoint
Token Exchange Architecture
User Level Internet Trust
Authorization
Authentication and Authorization
Invocation
Rate Limiting
Group Policy
Takeaway
Taught by
LASCON