Unlocking the mysteries of distributed microservice authorization
In a monolith, authorization is easy. In a microservices world, you have to make hard choices about your data model and the abstractions on top of which authorization rules are built. Wilfried Schobeiri and Kasey Klipsch share an approach to implementing distributed authorization in a microservices context, covering fallacies, common pitfalls, and best practices along the way.
Talk Title | Unlocking the mysteries of distributed microservice authorization |
Speakers | Wilfried Schobeiri (MediaMath), Kasey Klipsch (MediaMath) |
Conference | O’Reilly Software Architecture Conference |
Conf Tag | Engineering the Future of Software |
Location | London, United Kingdom |
Date | October 16-18, 2017 |
In a monolith, authorization is easy. In a microservices world, you have to make hard choices about your data model and the abstractions on top of which authorization rules are built. Authorization requires either a centralized arbitrator of rules or distributable rules that are business specific and must be performant. These rules are important in both user-facing and service-to-service contexts. This leads one to the following design principles:

So how do you develop and implement an authorization ruleset that respects the federation/decomposition of business logic across services while also being easy to use? Wilfried Schobeiri and Kasey Klipsch share an approach to implementing distributed authorization in a microservices context, covering fallacies, common pitfalls, and best practices along the way.