AppSecCali 2019 - Authorization in Micro Services World Kubernetes, ISTIO and Open Policy Agent


Microservices enable developers to break a monolithic application down into smaller, more manageable services. This shift is accelerated by cloud native platforms such as Kubernetes and ISTIO. However, the challenge of enforcing fine-grained authorization at the API level has become even more complicated. Previously, a single monolithic API gateway could enforce authorization policy. Now that services are built on different platforms and deployed at a faster pace, the single monolithic gateway approach does not scale without architectural changes. Open Policy Agent is one option that provides the programmatic flexibility to enforce authorization at the endpoint or at the data level while still maintaining interoperability using OAuth.

In this talk we will explore how Open Policy Agent can be used to enforce fine-grained authorization programmatically and how it integrates with ISTIO. We will also compare how Kubernetes as a platform has made it possible to enforce programmatic fine-grained authorization that is external to the Kubernetes infrastructure. Attendees will walk away with an understanding of the challenges of enforcing authorization in the microservices world and of how OPA can help achieve fine-grained authorization for microservices in the Kubernetes/ISTIO world. Attendees will also learn how to use OPA to enforce authorization policies for the Kubernetes API.


Sitaraman Lakshminarayanan
Senior Security Architect, Pure Storage
Sitaraman Lakshminarayanan is a Sr Security Architect at Pure Storage focused on Cloud and Platform Security and Operations. He has over 20 years of experience in building security within applications and platforms. He is the author of Web Services Security using Oracle Web Services.


Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 28, 2019. Rating: 5