© 2017 ForgeRock. All rights reserved.
Joachim Andres, Director, Product Management
Authentication & Authorization for the Microservices World
KuppingerCole Webinar, Dec 5th, 2017
ForgeRock: Driving Relationships Across People, Services, Things
[Diagram labels: User Identities, Device Identities, Thing Identities; Region 1, Region 2, Region 3; Data Replication, High Availability; DIRECTORY SERVICES; Agent / Proxy / Standards / REST; Edge Controller / Message Broker; protocols HTTP(S) / MQTT / COAP and REST / LDAP]
Partner Run / Customer Run
Privacy First: Offers modern privacy and consent tools including a Profile and Privacy Management dashboard, UMA 2.0 support for compliance with GDPR, PSD2, Open Banking, etc.
Identity Intelligence: Platform that enables relationships, access, policy, lifecycle across users, devices and things
Persistent Identity: Eliminate digital silos and create unified experience – people, services, things
Run Anywhere: Run across multiple landscapes
Massive Scale: Highly performant, highly available database for managing millions of relationships
ACCESS MANAGEMENT: Fine-grained, adaptive authentication, etc.
IDENTITY MANAGEMENT: Profile & privacy management, relationships, etc.
The Microservices World
Authentication vs. Authorization
[Diagram labels: microservices MS0 to MS6; Service; Authentication (AuthN); Authorization (AuthZ); AuthN / AuthZ Provider; People (and devices); Services and Things]
Characteristics of a sound security strategy
• Simplicity
• Consistency
• Modernizing
• Adaptable
Bringing security to life
Microservices Gateway
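[Diagram labels: Caller; Microservices Gateway (ForgeRock Identity Gateway); microservices MS0 to MS8; Authentication and Authorization Service (ForgeRock Access Management)]
Authentication and Authorization Service (ForgeRock Access Management)
• Token Issuance
• Token Validation
• Token Exchange
Microservices Gateway (ForgeRock Identity Gateway)
• Enforce token validity
• Caching
• Signature Validation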
Microservices Segmentation
[Diagram labels: Caller; Microservices Gateway (ForgeRock Identity Gateway), shown twice; microservices MS0 to MS8; Authentication and Authorization Service (ForgeRock Access Management)]
Authentication and Authorization Service (ForgeRock Access Management)
• Token Issuance
• Token Validation
• Token Exchange
Microservices Gateway (ForgeRock Identity Gateway)
• Enforce token validity
• Caching
• Signature Validation
• All gateways point to AM
Microgateways
[Diagram labels: Caller; µGateway (ForgeRock IG), shown nine times; microservices MS0 to MS8; Authentication and Authorization Service (ForgeRock Access Management)]
Authentication and Authorization Service (ForgeRock Access Management)
• Token Issuance
• Token Validation
• Token Exchange
µGateway (ForgeRock IG)
• Enforce token validity
• Caching
• Signature Validation
• All gateways point to AM
Microservices in PaaS environments
[Diagram labels: Client; Load Balancer; CF Router; CF Route Service; IDENTITY PLATFORM (ForgeRock Access Management, ForgeRock Identity Gateway, ForgeRock Service Broker); microservices MS0 to MS3; flow steps numbered 1 to 8]
Benefits of Externalizing Security
Think globally, act locally
Download the ForgeRock Identity Platform white paper at www.forgerock.com/platform/
Got questions? Contact us at www.forgerock.com/contact/
Execute a sound security strategy
Leverage a solution that’s simple, consistent, modernizing, and adaptable.
Support DevOps and innovation
Deploy authentication and authorization where you need it, when you need it.
Holistic approach with persistent identity
Integrate identity across apps and services for increased security and scale.
Thank You