Security by design is applicable to the microservices paradigm the same way it is applicable to any software architecture. Monolithic applications handle end user authentication and authorization in a central manner, but with microservices, each independent module has to perform necessary end user authentication and authorization along with validating service-to-service trust.
Adding to that, the granularity of these services, and frequent interactions between them makes securing microservices more challenging. Using the same approach to solve security considerations of monolithic services is not applicable.
Moreover, current authentication and authorization protocols cannot directly address these requirements, so they need the flexibility of identity and access managers to adapt to the required changes.
In this session, Darshana will talk about the challenges of securing microservices, best practices to overcome them, and expectation of IAM in the microservices architecture.