AppSec California 2019

Micro Services enables developers to break down the monolithic application into smaller and manageable micro services. It is accelerated by Cloud Native platform such as Kubernetes and ISTIO. However the challenge of enforcing finer grained authorization at API got even more complicated. Earlier the API Gateway used to be monolithic gateway that can enforce authorization policy. Now when services are being build in different platforms and deployed at a faster speed, the single monolithic gateway approach is not scalable without architectural changes. Open Policy Agent is one option that provides the programmatic flexibility to enforce authorization at end point or at data level and still maintain the interoperability using OAuth.

In this talk we will explore how Open Policy Agent can be used to enforce fine grained authorization programmatically and integrated with ISTIO. We will also compare how Kubernetes as a platform has made it possible to enforce programmatic finer grained authorization that is external to Kubernetes infrastructure. Attendees will walk away with challenges of enforcing Authorization in Micro Services world and how OPA can help achieve fine grained authorization for your Micro Services in the Kubernetes/ISTIO world. Attendees will also learn how to use OPA to enforce authorization policies for Kubernetes API.