Securing Identity and Authorization in Microservices - Atul Tulshibagwale, SGNL

less than 1 minute read

Abstract

External API calls to a service in a microservices architecture results in a call chain that invokes several microservices within a trusted domain. Software supply chain, privileged user compromise or other attacks can compromise individual microservices in a trusted domain. Compromised microservices, malicious insiders or software errors can cause spurious calls to microservices. They can impersonate users in such calls and modify or augment parameters of such calls. Transaction Tokens (TraTs) is a new proposal in the IETF OAuth working group. TraTs complement existing security protocols such as SPIFFE and assure user identity and context information in a call chain. TraTs allow nesting, enabling intermediate services to assert that they have processed a call to downstream services in a call chain. In this talk we will explain TraTs with examples and use cases, and show how they can help defend against a number of attacks in microservice architectures.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

Securing Identity and Authorization in Microservices - Atul Tulshibagwale, SGNL

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google