Microservice Security


Dan Mullins

Aug 15, 2017, 2:01:34 PM
to Central-Iowa-J...@googlegroups.com
How are people doing security in the new Microservice revolution? 

Is each Microservice responsible for validating incoming requests or do you use a central API gateway?

Dan

Kevin....@wellsfargo.com

Aug 15, 2017, 3:55:55 PM
to central-iowa-j...@googlegroups.com

This is a great question and I have been wondering myself what others are doing. We are evolving our microservices strategy and looking at a combination of API Gateway for security, then storing identity and claims in a JSON Web Token (JWT) with a short TTL. Sort of rolling our own at the moment…

Kevin Hinners
Apps Systems Engineer
Imaging Services
Wells Fargo | 795 S Jordan Creek Parkway | West Des Moines, IA 50266
MAC X2301-014
Tel 515-398-4369 | Cell 515-664-1153
kevin....@wellsfargo.com

--
--
Visit http://www.cijug.net for more information
 
You received this message because you are subscribed to the Google Groups "Central Iowa Java Users Group" group.
To post to this group, send email to Central-Iowa-J...@googlegroups.com
To unsubscribe from this group, send email to Central-Iowa-Java-Us...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/Central-Iowa-Java-Users-Group?hl=en

---
You received this message because you are subscribed to the Google Groups "Central Iowa Java Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to central-iowa-java-us...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ryan Bergman

Aug 15, 2017, 3:55:55 PM
to central-iowa-j...@googlegroups.com
We have been routing through AWS API Gateway as the central proxy. We have also used Akana....but not sure I wouldn't recommend it.

That said, I'll be speaking on proper "microservice/macroservice/monolith" sizing at dsmAgile in October: http://dsmagile.agileiowa.org/ (If Gifford would ever get the page updated ::troll::)

Ryan



Adam Hill

Aug 15, 2017, 5:31:33 PM
to central-iowa-j...@googlegroups.com
If you need full control and enjoy/need DIY infrastructure there are a few central security services that segregate auth and security from your micro service.  I've been curious about these two in particular:

https://www.cilium.io - the dockercon demo is pretty cool

https://developer.ibm.com/dwblog/2017/istio/ / https://istio.io/ 

As mentioned, the cloud-based gateways / load balancers of the world are baking in more and more security as time goes on.

Dan Mullins

Aug 15, 2017, 6:56:44 PM
to central-iowa-j...@googlegroups.com
What if you're not running in AWS? Anyone looking at on-premise API gateways?

On Tue, Aug 15, 2017 at 2:55 PM Ryan Bergman <ryan.b...@gmail.com> wrote:
We have been routing through AWS API Gateway as the central proxy. We have also used Akana....but not sure I wouldn't recommend it.

That said, I'll be speaking on proper "microservice/macroservice/monolith" sizing at dsmAgile in October: http://dsmagile.agileiowa.org/ (If Gifford would ever get the page updated ::troll::)

Ryan

On Tue, Aug 15, 2017 at 12:43 PM, Dan Mullins <dmull...@gmail.com> wrote:
How are people doing security in the new Microservice revolution? 

Is each Microservice responsible for validating incoming requests or do you use a central API gateway?

Dan


Paul Rowe

Aug 16, 2017, 10:08:56 AM
to central-iowa-j...@googlegroups.com
I’ve had a lot of luck using OpenID Connect JWT bearer tokens in the app (Spring Security/ASP.NET etc). I feel like an API gateway is overkill unless you want a unified API surface across multiple micro services or you need API limits etc.
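
Added example, not code from any poster in this thread: a Python sketch of the pattern in Kevin Hinners's and Paul Rowe's posts, where an issuer mints a short-TTL JWT and each service validates it itself rather than trusting that a gateway already did. It assumes an HS256 shared key and hypothetical names (`issue_token`, `verify_token`, `imaging-api`, `gateway.example`); OpenID Connect providers normally sign with an asymmetric key, and a production service would use a vetted JWT library instead of hand-rolled parsing.

```python
import base64, hashlib, hmac, json, time

class TokenError(Exception):
    """The bearer token must be rejected."""

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def sign(key, signing_input):
    return b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue_token(key, sub, aud, iss, ttl=300, now=None):
    """Issuer side (gateway or identity provider): mint a short-TTL token."""
    now = int(time.time() if now is None else now)
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "aud": aud, "iss": iss,
                            "iat": now, "exp": now + ttl}).encode())
    return f"{head}.{body}.{sign(key, head + '.' + body)}"

def verify_token(token, key, aud, iss, now=None, leeway=30):
    """Service side: validate the token again instead of trusting the caller."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
    except ValueError as exc:  # wrong segment count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenError("malformed token")
    # Pin the algorithm: never let the token choose it ("none", RS/HS mix-ups).
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    if not hmac.compare_digest(sig.encode(), sign(key, head + "." + body).encode()):
        raise TokenError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenError("expired or missing exp")
    if claims.get("iss") != iss:
        raise TokenError("wrong issuer")
    audiences = claims.get("aud")
    if aud not in (audiences if isinstance(audiences, list) else [audiences]):
        raise TokenError("token not intended for this service")
    return claims

if __name__ == "__main__":  # constructed demo values
    tok = issue_token(b"constructed-demo-key", "alice", "imaging-api", "https://gateway.example")
    print(verify_token(tok, b"constructed-demo-key", "imaging-api", "https://gateway.example"))
```

The audience check is what stops a token minted for one service from being replayed against another, and the short TTL bounds how long a leaked token stays useful.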