Michele Leroux Bustamante

CIO; Solliance
Michele Leroux Bustamante is co-founder / CIO at Solliance (solliance.net), co-founder of PolicyServer (policyserver.io), a Cloud/Security architect, a Docker Captain, Microsoft Regional Director and Microsoft Azure MVP. Michele is a thought leader recognized in many fields including software architecture and design, identity and access management, cloud computing technologies, security and compliance, and Microservices/DevOps. During the past 20 years, Michele has held senior executive positions at several corporations, assembled teams, implemented development process, and facilitated numerous successful large-scale enterprise application deployments. Michele leads the Security and Microservices practices at Solliance and shares practical experiences via international keynotes, presentations and workshops. Michele has been publishing regularly during her entire career, and wrote the best-selling book ''Learning WCF'' (O'Reilly 2007) and Developing Microsoft Azure Solutions (MS Press, 2017).

Michele's Session


Thursday, June 27
5:35 - 6:00 pm
Cabinet
Surviving API Security in a Microservices World
Identity is hard, microservices is hard, together...yep, that's hard too. Microservices solutions by design have many services, more granular and focused in nature, grouped by business domain and capability. It requires discipline, governance and practice to deliver a robust and production ready microservices solution. By nature, microservices expose endpoints, typically as APIs, that require a modern approach to security - preferably based on secure bearer tokens such as OAuth 2.0 JWT. This session describes several architectural approaches to illustrate patterns and practices for API token security including APIs called by server-side web applications, SPA applications or Mobile applications; back-end APIs called by client applications or through user token delegation; the potential pros/cons of API gateways handling token security; and approaches for governance of API security across a multi-domain, enterprise microservices solution. You'll learn recommended ways to apply Open ID Connect and OAuth 2.0 protocol flows for each scenario to reduce risk.

Enter your details to receive email updates from Identiverse