Microservices and security

Common security patterns used in most API architectures

For future students of the course "Microservice Architecture", we have prepared a traditional translation of this material.









What are microservices?

— , , - -, .





, , ?





Lego, , , Lego.





, , Lego, Lego.





, Lego , , , .





Lego.





Separate microservice
The finished application (containing several loosely coupled microservices)
( )









  •  





  •  













, . .





Layered Defense

«API-led ». API-led , API .





. , API- (API-gateways) .





API - AuthN AuthZ .





Access and Identity Tokens

— , .





, , , , .





OAuth OpenID — .





SAML (Security Assertion Markup Language)

SAML , . SAML . , , .





JWT (JSON Web Token) and JOSE

JWT — , JSON-. , . JWT ( HMAC) / RSA.





PASETO (Platform Agnostic SEcurity TOken)

PASETO — , URL- , , cookie HTTP, HTTP URI. PASETO , JSON-, , .





PASETO JOSE (JOSE Standards Family) , JOSE ( «alg» JWT), PASETO .





/ API. API , . , API 10 , OWASP.





API API , , API.





, Docker Hub:





HTTPS 

SSL — . SSL HTTPS -. HTTPS — , , HTTP SSL. SSL SSL-, (digital certificate).


















