DevOps & Cloud Security
Facebook Twitter LinkedIn

City of The Hague: Adding Access Control to Microservice Architectures for ZTA

Combined Session
Wednesday, May 10, 2023 16:00—16:15
Location: A 03-04

The Common Ground movement of the Dutch municipalities is developing innovative solutions for greater interoperability. An important part of this is the data landscape, where functionality is accessed through microservice API’s. In the analysis of this architecture, one aspect is barely touched upon: The Access Control aspect in API’s is not appropriately co-developed.

The Municipality of The Hague has performed a Proof Of Architecture (the POA) to demonstrate that it is possible to unlock an existing API in which access is not explicitly modeled, or that still uses traditional Role Based Access Control methods internally, restricting interoperability across contexts.

The POA is done in an effective and efficient way through innovative 'zero trust architecture' concepts, such as Policy Based Access Control. Security and privacy are thus demonstrably realized in accordance with legal requirements. The POA proves that it is technically feasible to add input-filtering of access requests to ignore the restricting RBAC method and thereby open doors for municipalities for interoperability in an autonomous and secure way.

During the presentation the working principles of API access from a perspective of Identity & Access Management are explained, but also how these principles can be applied in practice in an existing application landscape.

The presentation will be a joint presentation between the lead architect of the City of The Hague, Jan Verbeek, and access strategist André Koot.

City of The Hague: Adding Access Control to Microservice Architectures for ZTA
Event Recording
City of The Hague: Adding Access Control to Microservice Architectures for ZTA
Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.
City of The Hague: Adding Access Control to Microservice Architectures for ZTA
Presentation deck
City of The Hague: Adding Access Control to Microservice Architectures for ZTA
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
André Koot
André Koot
SonicBee
André Koot is a Principal Consultant and Access Strategist at SonicBee. He has more than 25 years of experience in the field of information security, and as an economist he practices this...

Tickets

On-Demand Access
Re-live EIC 2023
€500
 
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address