Open Source API Gateways and Dynamic Authorization: Working with Kong

APIs are used in almost all modern application projects and are usually tightly coupled with microservices. Securing APIs in different ways is critical, and although many API gateways can handle basic security, they usually lack the capability to apply fine-grained, policy-based authorization.

In this session, Jonas Iggbom from Axiomatics shows how Axiomatics operates with API gateways for dynamic and policy-based authorization. Carlos Garcia from Optum discusses specific healthcare industry challenges when exposing data via APIs, and how Optum extended the capabilities of the Kong API gateway to integrate with the Axiomatics authorization engine.

Key Takeaways:

  1. Core concepts of dynamic authorization for APIs
  2. Applying policy-based fine-grained authorization for APIs
  3. API challenges in healthcare
  4. How to extend the Kong API gateway to achieve fine-grained authorization

Optum is a leading information and technology-enabled health services business dedicated to helping make the health system work better for everyone. With more than 135,000 people worldwide, Optum delivers intelligent, integrated solutions that help to modernize the health system and improve overall population health. Optum is part of UnitedHealth Group (NYSE:UNH). For more information, visit www.optum.com.

Kong is a scalable, open source API Layer (also known as an API Gateway, or API Middleware). Kong runs in front of any RESTful API and is extended through Plugins, which provide extra functionality and services beyond the core platform.

Other Resources

Zero Trust Through Dynamic Authorization And Policy Driven Access
Join experts from KuppingerCole Analysts, Ericom and Axiomatics for an interactive discussion on the role of fine-grained access controls in adopting Zero Trust and how best to address that challenge to meet the needs of a hybrid workforce using cloud-based applications and adopting new ways of working, such as DevOps.

The Convergence of Cloud, DevOps and Access Control
Security experts from industry-leading NTT DATA and Axiomatics take a deep dive into migrating access control to the cloud. Follow the demonstration of how to set up a project for containerization using ALFA and Jenkins.

ABAC as code – Applying Modern DevOps to Policy Authoring
A DevOps approach to externalized business policy engineering can ensure modern CI/CD processes help IT adoption of access control policy authoring.