Engineering the Future of Software
16–18 October 2017: Conference & Tutorials
18–19 October 2017: Training
London, UK

Unlocking the mysteries of distributed microservice authorization

Wilfried Schobeiri (MediaMath), Kasey Klipsch (MediaMath)
14:1515:05 Tuesday, 17 October 2017
Integration architecture
Location: Buckingham Room - Palace Suite Level: Intermediate
Average rating: ***..
(3.00, 7 ratings)

Prerequisite Knowledge

  • A basic understanding of microservices and authentication and authorization (ideally, hands-on experience with authentication and authorization schemes such as OAuth and JWT)

What you'll learn

  • Explore a viable approach to implementing distributed authorization in a microservices context

Description

In a monolith, authorization is easy. In a microservices world, you have to make hard choices about your data model and the abstractions on top of which authorization rules are built. Authorization requires either a centralized arbitrator of rules or distributable rules that are business specific and must be performant. These rules are important in both user-facing and service-to-service contexts.

This leads one to the following design principles:

  1. Management of what a user’s rules are should occur in one place.
  2. Resolution of the rules should be distributable.
  3. Creation of rules about data should be done by the data owner.
  4. Services other than the owners of the data must be allowed to display data to a user.
  5. An authorization system must not assume all use cases are request/reply single entity contexts.
  6. Rule resolution about data must not require talking to the owner of the data.

So how do you develop and implement an authorization ruleset that respects the federation/decomposition of business logic across services while also being easy to use? Wilfried Schobeiri and Kasey Klipsch share an approach to implementing distributed authorization in a microservices context, covering fallacies, common pitfalls, and best practices along the way.

Photo of Wilfried Schobeiri

Wilfried Schobeiri

MediaMath

Wilfried Schobeiri is the CTO at MediaMath, where he leads development of MediaMath’s digital marketing platform, which powers the operations of thousands of marketers. A software architect with experience in distributed systems, behavioral analytics, and data science, Wil is a lifetime technologist and entrepreneur. He launched his first tech startup in high school out of his parent’s basement. He is obsessed with building great teams, great engineering cultures, and great technology. Previously, he led development at a number of startups, including gaming ad platform Tap.Me (acquired by MediaMath).

Photo of Kasey Klipsch

Kasey Klipsch

MediaMath

Kasey Klipsch is a principal engineer at MediaMath, where he works on backend infrastructure. Kasey is passionate about the craft of software creation, mentorship and developer hiring. Previously, he built software in a wide variety of industries, including quantitative finance, high-frequency trading, and online education. He holds a bachelor’s degree in computer science from Indiana University.

Leave a Comment or Question

Help us make this conference the best it can be for you. Have questions you'd like this speaker to address? Suggestions for issues that deserve extra attention? Feedback that you'd like to share with the speaker and other attendees?

Join the conversation here (requires login)