Authentication & Authorization for the Microservices World

© 2017 ForgeRock. All rights reserved.

Upload: forgerock

Post on 21-Jan-2018


TRANSCRIPT

Page 1: Authentication & Authorization for the Microservices World

Page 2: Authentication & Authorization for the Microservices World

Joachim Andres
Director, Product Management

Authentication & Authorization for the Microservices World

KuppingerCole Webinar, Dec 5th, 2017

Page 3: Authentication & Authorization for the Microservices World

[Diagram labels]

HTTP(S) / MQTT / COAP / MQTT
HTTP(S)

User Identities, Device Identities, Thing Identities

Region 1, Region 2, Region 3

Data Replication, High Availability

DIRECTORY SERVICES

Agent / Proxy / Standards / REST Edge Controller / Message Broker

REST / LDAP

ForgeRock: Driving Relationships Across People, Services, Things

Partner Run Customer Run

Privacy First: Offers modern privacy and consent tools, including a Profile and Privacy Management dashboard and UMA 2.0 support for compliance with GDPR, PSD2, Open Banking, etc.

Identity Intelligence: Platform that enables relationships, access, policy, and lifecycle across users, devices and things.

Persistent Identity: Eliminate digital silos and create a unified experience – people, services, things.

Run Anywhere: Run across multiple landscapes.

Massive Scale: Highly performant, highly available database for managing millions of relationships.

ACCESS MANAGEMENT: Fine-grained, adaptive authentication, etc.

IDENTITY MANAGEMENT: Profile & privacy management, relationships, etc.

Page 4: Authentication & Authorization for the Microservices World

The Microservices World

Page 5: Authentication & Authorization for the Microservices World

Authentication vs. Authorization

[Diagram labels: MS0 to MS6; Service; Authentication (AuthN); Authorization (AuthZ); AuthN / AuthZ Provider; People (and devices); Services and Things]

Page 6: Authentication & Authorization for the Microservices World

Characteristics of a sound security strategy

Page 7: Authentication & Authorization for the Microservices World

Simplicity

Page 8: Authentication & Authorization for the Microservices World

Consistency

Page 9: Authentication & Authorization for the Microservices World

Modernizing

Page 10: Authentication & Authorization for the Microservices World

Adaptable

Page 11: Authentication & Authorization for the Microservices World

Simplicity Consistency

Modernizing Adaptable

Page 12: Authentication & Authorization for the Microservices World

Bringing security to life

Page 13: Authentication & Authorization for the Microservices World

Microservices Gateway

[Diagram labels: Caller; Microservices Gateway: ForgeRock Identity Gateway; MS0 to MS8; Authentication and Authorization Service: ForgeRock Access Management]

• Token Issuance
• Token Validation
• Token Exchange

• Enforce token validity
• Caching
• Signature Validation

Page 14: Authentication & Authorization for the Microservices World

Microservices Segmentation

[Diagram labels: Caller; Microservices Gateway: ForgeRock Identity Gateway (shown twice); MS0 to MS8; Authentication and Authorization Service: ForgeRock Access Management]

• Token Issuance
• Token Validation
• Token Exchange

• Enforce token validity
• Caching
• Signature Validation
• All gateways point to AM

Page 15: Authentication & Authorization for the Microservices World

Microgateways

[Diagram labels: Caller; µGateway: ForgeRock IG (shown nine times); MS0 to MS8; Authentication and Authorization Service: ForgeRock Access Management]

• Token Issuance
• Token Validation
• Token Exchange

• Enforce token validity
• Caching
• Signature Validation
• All gateways point to AM

Page 16: Authentication & Authorization for the Microservices World

Microservices in PaaS environments

[Diagram labels: Client; Load Balancer; CF Router; CF Route Service; IDENTITY PLATFORM; ForgeRock Access Management; ForgeRock Identity Gateway; ForgeRock Service Broker; MS0 to MS3; numbered steps 1 to 8]

Page 17: Authentication & Authorization for the Microservices World

Benefits of Externalizing Security
Think globally, act locally

Download the ForgeRock Identity Platform white paper at www.forgerock.com/platform/
Got questions? Contact us at www.forgerock.com/contact/

Execute a sound security strategy
Leverage a solution that’s simple, consistent, modernizing, and adaptable.

Support DevOps and innovation
Deploy authentication and authorization where you need it, when you need it.

Holistic approach with persistent identity
Integrate identity across apps and services for increased security and scale.

Page 18: Authentication & Authorization for the Microservices World

Thank You