Presented by: Roger Chien
Mar 2014
Content is from “Cloud design patterns – prescriptive architecture guidance for cloud applications”, by Microsoft.

Cloud Design Patterns
Federated Identity & Gatekeeper Pattern
Federated Identity Pattern
- Delegate authentication to an external identity provider.
  - e.g. LDAP in an AAA setup.
- Eliminates the need for separate login credentials for every service (e.g. OpenID).
- Easier privilege management (e.g. revoking access when people leave, and fine-grained control).
- Applications and services are spared the overhead of identity management.
Federated Identity Pattern
- The trust relationship could be a chain of trust across STSs (security token services).
Federated Identity Pattern - Issues
- Can be a single point of failure.
- Need fine-grained control over features and resources via role-based access control (RBAC).
- Need to maintain user information for claims-based authentication (through registration).
- If there are multiple STSs, sign-in redirection has to be handled.
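As an added example (not from the slides or from Microsoft's guidance), the relying-party side of the pattern: the application stores no passwords, accepts signed claims only from STS issuers in its trust registry, and maps claims to RBAC roles locally. The token format, issuer URLs, shared secrets and group names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed trust registry: which external STS issuers this relying party
# accepts, and the verification key for each. The application itself stores
# no user passwords.
TRUSTED_ISSUERS = {
    "https://sts.corp.example": b"corp-sts-shared-secret",
    "https://sts.saas.example": b"saas-federation-shared-secret",
}
AUDIENCE = "https://app.saas.example"          # this application's identifier
# Claim values mapped to application roles (RBAC). Fine-grained control
# lives here, in the application, not in the identity provider.
ROLE_MAP = {"orders-admin": "admin", "orders-reader": "reader"}

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(issuer: str, claims: dict, key: bytes) -> str:
    """What an STS does: sign a claim set so the relying party can trust it."""
    payload = _b64(json.dumps({"iss": issuer, **claims}).encode())
    sig = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def validate_token(token: str, now=None):
    """Return the accepted identity with mapped roles, or None if rejected."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.split(".")
        claims = json.loads(_unb64(payload))
    except ValueError:                      # malformed token or bad JSON
        return None
    if not isinstance(claims, dict) or "sub" not in claims:
        return None
    key = TRUSTED_ISSUERS.get(claims.get("iss"))
    if key is None:                         # issuer outside the chain of trust
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                         # forged or tampered token
    exp = claims.get("exp")
    if claims.get("aud") != AUDIENCE or not isinstance(exp, (int, float)) or exp <= now:
        return None                         # wrong audience or expired
    groups = claims.get("groups", [])
    roles = sorted({ROLE_MAP[g] for g in groups if g in ROLE_MAP})
    return {"sub": claims["sub"], "iss": claims["iss"], "roles": roles}
```

Rejecting unknown issuers is what keeps the chain of trust closed; a second trusted STS is added by registering its key, not by touching the application's user store.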
Federated Identity Pattern - Example
- A user in a large enterprise using a SaaS application on Windows Azure.
Gatekeeper Pattern
- Use a dedicated host instance that acts as a broker between clients and applications/services: it validates and sanitizes requests and passes requests and data between them.
- Adds another layer of security and reduces the attack surface.
- Fit for:
  - Applications that handle sensitive information, expose services that must have a high degree of protection from malicious attacks, or perform mission-critical operations that must not be disrupted.
  - Distributed applications where it is necessary to perform request validation separately from the main tasks, or to centralize this validation to simplify maintenance and administration.
Gatekeeper Pattern
- Controlled validation: validates all requests and rejects those that do not meet the requirements.
- Limited risk and exposure: the gatekeeper itself has no access to credentials or keys, so if it is compromised, they are not exposed.
- Appropriate security: run the gatekeeper in a limited-privilege mode.
- The gatekeeper is effectively an application firewall.
Gatekeeper Pattern - Issues
- The trusted nodes expose only the necessary interfaces to the gatekeeper.
- Run in limited-privilege mode (gatekeeper and trusted nodes are in separate hosted services or VMs).
- The gatekeeper only does validation and sanitization; it does not touch any processing related to the services/applications.
- A secure channel (SSL/TLS/HTTPS) is required for communication between the gatekeeper and the trusted nodes.
- Performance impact.
- Could be a single point of failure.
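An added example (not from the slides) of the gatekeeper's validate-and-relay role in Python: it allowlists routes, bounds and type-checks the body, drops everything else, and relays only the sanitized request. The routes, field schema and the `forward` callable standing in for the trusted node are assumptions.

```python
import json, re

MAX_BODY = 4096                                   # bound size before parsing
ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")      # canonical shape for item ids
# Explicit allowlist: (method, path) -> {field: (type, predicate)}; anything
# not listed is rejected, and fields not listed are dropped.
ALLOWED = {
    ("POST", "/orders"): {"item": (str, ID_RE.match),
                          "qty": (int, lambda q: 0 < q <= 1000)},
    ("GET", "/orders"): {},
}

class Rejected(Exception):
    """Raised for any request that fails validation; never forwarded."""

def validate(request: dict) -> dict:
    """Return a sanitized copy of the request with only allowlisted fields."""
    method, path = request.get("method"), request.get("path")
    schema = ALLOWED.get((method, path))
    if schema is None:
        raise Rejected("route not allowlisted")
    raw = request.get("body", b"")
    if len(raw) > MAX_BODY:
        raise Rejected("body too large")
    body = {}
    if schema:
        try:
            parsed = json.loads(raw)
        except ValueError:
            raise Rejected("body is not JSON")
        if not isinstance(parsed, dict):
            raise Rejected("body must be a JSON object")
        for field, (typ, ok) in schema.items():
            val = parsed.get(field)
            # bool is a subclass of int, so reject it before the type check
            if isinstance(val, bool) or not isinstance(val, typ) or not ok(val):
                raise Rejected(f"field {field!r} missing or invalid")
            body[field] = val
    # Client headers (cookies, tokens) are never relayed; the gatekeeper holds
    # no backend credentials, so a compromise of this host exposes none.
    return {"method": method, "path": path, "body": body}

def gatekeeper(request: dict, forward) -> dict:
    """Validate, then relay to the trusted node; no processing happens here."""
    try:
        clean = validate(request)
    except Rejected as e:
        return {"status": 400, "error": str(e)}
    return forward(clean)
```

In a deployment, `forward` would be the TLS client to the trusted node, which attaches its own credentials; keeping that key material out of this process is what limits exposure if the gatekeeper is compromised.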
Gatekeeper Pattern - Example
