Session Abstract: In the on-premises era of enterprise IT, before cloud computing came along, access to web applications in large organizations was often managed through a centralized web access management tool. Upon adopting cloud computing, applications would be migrated out of enterprise-managed data centers and networks to public cloud infrastructure, which made it hard or even impossible to rely on those legacy access management mechanisms. Applications and application data would now reside in a third-party domain, which changes the security posture and affects both the network access requirements and the legacy domain-wide authentication cookies.
On top of that, these organizations would also see a rapid increase in application use across business units, with most apps becoming mobile-first and/or API-driven. The result has been a natural change in the access management paradigm away from a centralized access management system towards a more distributed and delegated one.
In this presentation we describe how to create a modern, cloud-oriented access management infrastructure that is distributed and delegated, implemented using OpenID Connect and OAuth 2.0 micro-services.