Securing microservices that serve both internal and external requests can become tricky. If the services expose APIs for internal requests only, it's easy to place them behind firewalls and grant access only to internal systems and clients. However, when microservices serve external clients, security becomes critical and should be given the utmost importance. The API Gateway pattern is an approach aimed at microservices management and security.
A few implementations based on this pattern are AWS API Gateway and IBM API Manager, among others. OAuth and JWT (tokens by reference for external access and tokens by value for internal access) are well-established approaches for securing microservices. Commercial products such as Ping Access also allow token-based API and microservices access. What these solutions have yet to provide is a seamless and secure way of giving browser-based clients access without having to authenticate via an identity service. The aforementioned solutions can, however, be modified to facilitate such an approach. If your microservices run in a cloud such as AWS or Google Cloud, AWS API Manager with its API access key solution, or a custom authorizer, can provide security for your APIs.
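The split between tokens by reference (external) and tokens by value (internal) mentioned above can be sketched as follows. This is an added example, not code from the original post or from any of the products named; the function names, the in-memory store and the HS256 key shared between gateway and services are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

GATEWAY_KEY = secrets.token_bytes(32)  # assumption: key shared by gateway and internal services
REFERENCE_STORE = {}                   # opaque token -> claims, held only at the gateway

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_reference_token(subject: str, scope: str) -> str:
    """External clients receive a random handle that carries no claims."""
    token = secrets.token_urlsafe(32)
    REFERENCE_STORE[token] = {"sub": subject, "scope": scope}
    return token

def gateway_exchange(reference_token: str, audience: str, ttl: int = 60, now=None) -> str:
    """Gateway swaps a valid reference token for a short-lived by-value JWT."""
    claims = REFERENCE_STORE.get(reference_token)
    if claims is None:
        raise PermissionError("unknown or revoked reference token")
    now = int(time.time() if now is None else now)
    payload = dict(claims, aud=audience, iat=now, exp=now + ttl)
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(payload).encode())
    sig = hmac.new(GATEWAY_KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def service_verify(jwt: str, expected_audience: str, now=None) -> dict:
    """Internal service validates the by-value token without calling the gateway."""
    try:
        header_b64, payload_b64, sig_b64 = jwt.split(".")
        header = json.loads(_unb64(header_b64))
        payload = json.loads(_unb64(payload_b64))
        sig = _unb64(sig_b64)
    except (ValueError, TypeError):
        raise PermissionError("malformed token")
    # Pin the algorithm instead of trusting whatever the header claims.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(GATEWAY_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("bad signature")
    now = int(time.time() if now is None else now)
    if payload.get("aud") != expected_audience or payload.get("exp", 0) <= now:
        raise PermissionError("wrong audience or expired")
    return payload
```

Deleting an entry from `REFERENCE_STORE` revokes external access immediately, while an already-issued internal JWT stays valid only until its short `exp`.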
Sunday, August 28, 2016