Modern architecture for security is a very interesting topic these days for companies and the services they provide. In this era of cloud computing and access to every resource at any time, this becomes even more interesting.
This post presents a talk on the topic given by Brock Allen at the last DevIntersection 2017 conference in Las Vegas.
Brock is an application security architect who specializes in .NET, web development, and web-based security with over 20 years of industry experience. Brock is the co-author of many security-related open source frameworks including IdentityServer, IdentityManager, and MembershipReboot.
User authentication… Database of user names and passwords… OpenID Connect… Those are all terms we hear in the context of security.
In the beginning there was Active Directory, which provided a way to locate any object within an organization's network. This helps with user security in the context of organizations.
What about when a business partner (BP) needs its employees to have access to your system through a set of privileges? Would you create entries for those BP users/employees in your system? What happens after those users no longer work for this BP?
Federation then came in. It allows for a clean separation between the service a client is accessing and the associated authentication and authorization procedures.
The following illustration shows an example of federated security.
This scenario includes two organizations: A and B. Organization B has a Web resource (a Web service) that some users in organization A find valuable.
(From Brock's talk)
And today we have our modern application access design. (From Brock's talk)
We also have OpenID Connect…
Click the picture below to access the talk given by Brock.