Authorization, Access Control and Microservices

Track: Security
Abstract

Authorization in a microservice architecture often gets the least love; as a result it is usually half-baked. Many people believe that once they implement OAuth, all their problems are solved; just pass around the access token between the microservices. In truth, OAuth is only half the solution: while OAuth is great for coarse-grained authorization data, it is ill-suited for policy-based access control decisions. I’ll discuss the pain of our legacy “access control in code” approach that led to building a true Policy Server based on Open Policy Agent. This talk will open your eyes to a more complete understanding of authorization, and especially access control, in a microservice architecture.

Yoel Spotts

Yoel Spotts is Director of Platform Architecture at Ware2Go, based in Atlanta. Holding degrees in Computer Science and Talmudic Law, he has 20 years of programming experience. A big fan of the JVM, Yoel has worked in Java, Groovy and Scala. No stranger to DevNexus or public speaking, Yoel attended the very first DevNexus (back before it was called DevNexus) and has presented several times in the past. When not building great software or trying to avoid learning JavaScript, Yoel enjoys hiking and spending time with his family.