Presented by: Roger Chien
Mar 2014
Content is from “Cloud design patterns – prescriptive architecture
guidance for cloud applications”, by Microsoft.
Cloud Design Patterns
Federated Identity & Gatekeeper Pattern
Federated Identity Pattern
• Delegate authentication to an external identity provider.
  • LDAP in AAA.
• Eliminates the need for multiple login credentials for every
service (e.g. OpenID).
• Makes privilege management easier (people leaving, fine-grained
control).
• Applications and services can save the overhead of identity
management.
Federated Identity Pattern
• Could be a chain of trust in STS.
Federated Identity Pattern - Issues
• Can be a single point of failure.
• Needs fine-grained control over features & resources via
role-based access control (RBAC).
• Needs to maintain user information for claims-based
authentication (through registration).
• If there are multiple STSs, sign-in redirection has to be dealt with.
Federated Identity Pattern - Example
• Users in a large enterprise use a SaaS application on Windows Azure.
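An added example, not taken from the slides or from Microsoft's guide, of the application side of this pattern: it checks a token issued by the STS, then maps the role claims to permissions for RBAC. The token format, URLs, role names and key are constructed, and an HMAC stands in for the asymmetric signature a real STS would apply.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values for illustration; none of them come from the slides.
TRUSTED_ISSUER = "https://sts.corp.example"
AUDIENCE = "https://saas-app.example"
STS_KEY = b"constructed-demo-key"  # assumption: stand-in for the STS signing key

# RBAC table kept by the application: role claim -> permitted operations.
ROLE_PERMISSIONS = {
    "reader": {"report:read"},
    "editor": {"report:read", "report:write"},
}


class TokenRejected(Exception):
    """Raised when a token must not be trusted."""


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def sts_issue(claims: dict, key: bytes = STS_KEY) -> str:
    """STS side: serialise the claims and sign them."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return body + "." + sig


def validate_token(token: str, now: Optional[float] = None) -> dict:
    """Application side: verify signature, issuer, audience and expiry."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        raise TokenRejected("malformed token")
    # Check the signature before parsing anything the token says.
    expected = _b64(hmac.new(STS_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise TokenRejected("bad signature")
    try:
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except ValueError:
        raise TokenRejected("unreadable claims")
    if not isinstance(claims, dict):
        raise TokenRejected("unreadable claims")
    if claims.get("iss") != TRUSTED_ISSUER:
        raise TokenRejected("untrusted issuer")
    if claims.get("aud") != AUDIENCE:
        raise TokenRejected("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token expired")
    return claims


def authorize(claims: dict, permission: str) -> bool:
    """Deny by default: only roles known to the application grant anything."""
    roles = claims.get("roles")
    if not isinstance(roles, list):
        return False
    return any(permission in ROLE_PERMISSIONS.get(r, set())
               for r in roles if isinstance(r, str))


if __name__ == "__main__":
    t = sts_issue({"iss": TRUSTED_ISSUER, "aud": AUDIENCE, "sub": "alice",
                   "roles": ["reader"], "exp": time.time() + 300})
    c = validate_token(t)
    print(c["sub"], authorize(c, "report:read"), authorize(c, "report:write"))
```

The application never sees a password; it trusts only what a correctly signed, unexpired token from the expected issuer asserts, and its own role table decides what those claims permit.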
Gatekeeper Pattern
• Uses a dedicated host instance that acts as a broker between
clients and applications/services, validates and sanitizes
requests, and passes requests and data between them.
• Adds another layer of security and reduces the attack surface.
• Fit for:
  • Applications that handle sensitive information, expose services
  that must have a high degree of protection from malicious
  attacks, or perform mission-critical operations that must not be
  disrupted.
  • Distributed applications where it is necessary to perform
  request validation separately from the main tasks, or to
  centralize this validation to simplify maintenance and
  administration.
Gatekeeper Pattern
• Controlled validation: validates all requests and rejects those
that do not meet the requirements.
• Limited risk and exposure: the gatekeeper itself has no access to
credentials and keys. If the gatekeeper is compromised, that
information is not exposed.
• Appropriate security: run the gatekeeper in a limited-privilege
mode.
• The gatekeeper is actually an application firewall.
Gatekeeper Pattern - Issues
• The trusted nodes expose only the necessary interfaces to the
gatekeeper.
• Run in limited-privilege mode (the gatekeeper and the trusted
nodes are in separate hosted services or VMs).
• The gatekeeper only does validation and sanitization; it does not
touch any processing related to services/applications.
• A secure channel (SSL/TLS/HTTPS) is required for
communication between the gatekeeper & trusted nodes.
• Performance impact.
• Could be a single point of failure.
Gatekeeper Pattern - Example
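An added example, not the slide's own and not code from Microsoft's guide, of a gatekeeper that validates and sanitizes requests against an allowlist and only then hands them to a trusted host, which alone holds the storage key. The routes, field rules and class names are constructed; in a deployment the `forward` call would be an HTTPS request to the trusted node.

```python
import re
from typing import Any, Callable, Dict, Tuple

Response = Tuple[int, Dict[str, Any]]
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def _order_id(v: Any) -> bool:
    return isinstance(v, str) and re.fullmatch(r"[A-Z0-9]{6,12}", v) is not None


def _quantity(v: Any) -> bool:
    # bool is a subclass of int in Python, so exclude it explicitly.
    return isinstance(v, int) and not isinstance(v, bool) and 1 <= v <= 1000


def _note(v: Any) -> bool:
    return isinstance(v, str) and len(v) <= 200


# Allowlist of exposed operations (constructed for this example):
# (method, path) -> (required field validators, optional field validators)
ROUTES = {
    ("POST", "/orders"): ({"order_id": _order_id, "quantity": _quantity},
                          {"note": _note}),
    ("GET", "/orders/status"): ({"order_id": _order_id}, {}),
}


def gatekeeper(request: Dict[str, Any],
               forward: Callable[[Dict[str, Any]], Response]) -> Response:
    """Validate and sanitize only; no business logic, no credentials."""
    method, path = request.get("method"), request.get("path")
    if not isinstance(method, str) or not isinstance(path, str):
        return 400, {"error": "malformed request"}
    if (method, path) not in ROUTES:
        return 404, {"error": "unknown operation"}
    required, optional = ROUTES[(method, path)]
    allowed = {**required, **optional}
    body = request.get("body")
    if not isinstance(body, dict):
        return 400, {"error": "body must be an object"}
    if set(body) - set(allowed):
        return 400, {"error": "unexpected fields"}
    if set(required) - set(body):
        return 400, {"error": "missing fields"}
    clean: Dict[str, Any] = {}
    for name, value in body.items():
        if not allowed[name](value):
            return 400, {"error": f"invalid value for {name}"}
        # Sanitize: strip control characters from free text before forwarding.
        clean[name] = CONTROL_CHARS.sub("", value) if isinstance(value, str) else value
    # Only the rebuilt request reaches the trusted host, never the raw input.
    return forward({"method": method, "path": path, "body": clean})


class TrustedHost:
    """Stand-in for the trusted node; the storage key lives only here."""

    def __init__(self) -> None:
        self._storage_key = "constructed-storage-key"  # never given to the gatekeeper
        self.handled = []

    def handle(self, request: Dict[str, Any]) -> Response:
        self.handled.append(request["body"])
        return 200, {"accepted": request["body"]["order_id"]}


if __name__ == "__main__":
    host = TrustedHost()
    print(gatekeeper({"method": "POST", "path": "/orders",
                      "body": {"order_id": "AB12CD", "quantity": 2}}, host.handle))
    print(gatekeeper({"method": "POST", "path": "/orders",
                      "body": {"order_id": "AB12CD", "quantity": 2,
                               "is_admin": True}}, host.handle))
```

Rejected requests never reach the trusted host, and a compromise of the gatekeeper process yields no key because it was never handed one.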
