Securing Microservices that are serving internal as well as external requests can become tricky. If the services are serving APIs for internal requests only, its easy to place them behind the firewalls and grant access to them from the internal systems/clients only. However, when it comes to microservices that serve external clients security becomes critical and should be given utmost importance. API Gateway pattern is an approach aimed at micro-services management and security.
A few implementations based on the above pattern are AWS API Gateway, and IBM API Manager etc. OAUTH, JWT (Tokens by Reference for External Access & Tokens by value for Internal Access) are well established approaches for securing the micro-services. Commercial Products such as Ping Access also allow for token based API/Micro-services access. The key aspect that these solutions are yet to unravel is to identify a seamless and secure way of allowing browser based clients access without having to authenticate via an Identity service. The aforementioned solutions though can be modified to facilitate such an approach. If you have micro-services that are in the cloud such as AWS or Google Cloud, AWS API Manager with its API access key solution or using a custom Authorizer can provide security for your apis.
Sunday, August 28, 2016
Sunday, May 22, 2016
Accelerated Mobile Pages aka AMP
Back in September 2015, the first official specs for the Accelerated Mobile Pages project were launched. The goal of the project is to provide a mechanism that facilitates faster delivery and rendering of content served over mobile web pages. Google is backing this project and when combined with Progressive Web Apps project it can help publishers of content as well as mobile site owners to reduce current high bounce rates attributed to a variety of performance and page load concerns. Google is also allowing free use of Google AMP Cache and has stated that "it will provide a cache that can be used by anyone at no cost, and all AMPs will be cached by Google’s cache". You can easily create your own AMP pages. Discovery of AMP pages by Google and other search engines is easily handled by the <link> tag with "amprel". AMP also provides for creating responsive page by simply appending "layout=responsive" to the AMP Html tags. Check it out at the following links
Google AMP Project
Google AMP Cache
Google AMP Project
Google AMP Cache
Subscribe to:
Posts (Atom)