Explore a conference talk that delves into securing identity and authorization in microservices architectures. Learn about the challenges posed by external API calls in microservices, including potential vulnerabilities from software supply chain attacks, privileged user compromises, and other security threats. Discover the concept of Transaction Tokens (TraTs), a new proposal in the IETF OAuth working group, and how they complement existing security protocols like SPIFFE. Understand how TraTs can assure user identity and context information in call chains, enable nesting for intermediate services, and defend against various attacks in microservice architectures. Gain insights into real-world examples and use cases that demonstrate the effectiveness of TraTs in enhancing security within complex microservices environments.
Securing Identity and Authorization in Microservices
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Securing Identity and Authorization in Microservices - Atul Tulshibagwale, SGNL
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
Securing Microservices in ASP.NET Core
-
API Security on Google Cloud's Apigee API Platform
-
Securing Multi-tenant ASP.NET 4 Web Apps
-
Cloud Security Risks: Identify and Protect Against Threats
-
The Story of Crush - Navigating the Cloud Native Ocean with SPIFFE Identity
-
Implementing Transaction Tokens with Keycloak for API Request Authentication
