TRACK 11 – OWASP
Application Security
WHERE?
Lillehammer Kino sal 2
WHEN?
Tuesday, 09:45 - 10:15
Language
English
Anders Eknert, Developer Advocate, Manage
ABOUT THE PRESENTATION
With our digital systems growing increasingly distributed and our tech stacks increasingly heterogeneous, we need to devise new models around both identity and access control. In this presentation we’ll explore a distributed, scalable model for API security, identity and authorization policy enforcement in a microservice environment. After a brief introduction to the technologies involved, we’ll take a deep dive into an architecture utilizing OAuth2 and OpenID Connect for carrying identity across our distributed systems, and how, once identity is established, we may leverage Open Policy Agent (OPA) for fine-grained, policy-based access control in our APIs. We’ll learn how to use Rego, the policy language used by OPA, to write concise and clear policies for access control, as well as methods for distributing them across our platforms and how to monitor policy enforcement in real time.
ABOUT THE PRESENTER
Developer advocate and a member of the Open Policy Agent team at Styra with a long background in software development, security and identity systems in primarily distributed environments. Interested in organizational structures and problems as much as he is in technical challenges. When not in front of his computer he enjoys watching football, cooking and Belgian beers.