DevOps and Dev-Oops sessions cover:
- DevOps (obviously!)
- Databases and database disasters
- Distributed systems
- Systems engineering
- Infrastructure security
- War stories, failures and anti-patterns with running operations and infrastructure
Rootconf is a forum for:
- DevOps engineers
- Systems engineers
- Software engineers
- DevOps leads
- Infrastructure security professionals and experts
- Cloud service providers
- Providers of the pieces on which an organization’s IT infrastructure runs -- monitoring, log management, alerting, etc
- Engineering managers looking to optimize infrastructure and teams
Contact information: If you have questions, call Rootconf on 7676332020 or email rootconf.editorial@hasgeek.com
GC
Gaurav Chaware
@gchaware
Microservices Authorization with Open Policy Agent
Submitted May 4, 2020
Duration of the session::
40 mins full talk
Category of talk:
Security
Authorization is the key challenge in a microservices architecture. For each API call, users need to be authenticated and authorized. While authentication can be taken care of centrally at the API gateway layer, authorization is left for each microservice. Each microservice will need to validate the user permissions and the entity it is trying to access. Problem of course is to ensure decoupled authorization can be implemented without compromising the security of the application.
Open Policy Agent (OPA) makes it easy to write fine-grained, context-aware policies to implement API authorization. This talk will focus on various architectural patterns to implement microservices API authorization with Open Policy Agent. We will cover how OPA can decouple the policy enforcement from implementation and integrate with external data sources to add context for authorization decisions (e.g. with LDAP).
The target audience for this talk are the Microservices Solution Architects, Security Architects and Application Developers. Whether you have already implemented a microservices based application or looking to move to microservices, or even if you are looking for Authorization solutions for APIs in your monolithic application, this talk is for you.
Key takeaways are :
- Overview of Open Policy Agent
- Various architectural patterns for implementing API authorization with OPA
- Decoupling authorization from implementation with context aware authorization
- When and Where to use each of the patterns
- Pros and cons of OPA approach
Outline #
I will start with a basic implementation to introduce the concepts and progressively, take advanced architectural patterns.
- Introduction to Open Policy Agent
- Authorization Patterns with OPA
- Integration with external data sources for contextual decision making
- Authorization Patterns with OPA - Demo
- OPA Istio Plugin
- Open Policy Agent Management APIs + Demo
Requirements #
No special requirements for the session. If you want to try out the demo as I explain it, bring along a laptop with git client, minikube / kind, and opa binaries installed.
Speaker bio #
I am working with InfraCloud Technologies as a Senior Technology Architect. I have been working in the Software Services industry (previously with Infosys and Cognizant) for 14 years and have vast experience in Microservices and cloud native architecture.
I am currently involved in projects involving OPA setup at multiple medium and large organisations. And, active in the OPA community with Slack handle @Gaurav. I have also given presentations about OPA at Kubernetes Forums, 2020 for both Delhi and Bengaluru.
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}