Domain Models: Security as a First-class Concern
Offered By: Pluralsight
Course Description
Overview
In this talk, you'll get a look at how to embed security in domain models, allowing for developers to take greater responsibility for integrating security into the core of our applications.
Integrating security into the development process is critical for the proper functioning of an application. API gateways, RBAC systems, and service mesh sidecars can all provide some elements of security, but the final arbiter of who can do what and under what circumstances must be the responsibility of the domain model. One critical aspect of application security is being able to test the application's security constraints as part of the normal domain logic, and asserting about it as part of a simple, on-workstation test suite without recourse to external API gateways or other access control mechanisms. In this talk, you'll get a look at how to embed security in domain models, allowing for developers to take greater responsibility for integrating security into the core of our applications. You'll see some patterns for coarse- and fine-grained access control as well as complex business rules about who may do what to which entity, when, and under what circumstances.
Integrating security into the development process is critical for the proper functioning of an application. API gateways, RBAC systems, and service mesh sidecars can all provide some elements of security, but the final arbiter of who can do what and under what circumstances must be the responsibility of the domain model. One critical aspect of application security is being able to test the application's security constraints as part of the normal domain logic, and asserting about it as part of a simple, on-workstation test suite without recourse to external API gateways or other access control mechanisms. In this talk, you'll get a look at how to embed security in domain models, allowing for developers to take greater responsibility for integrating security into the core of our applications. You'll see some patterns for coarse- and fine-grained access control as well as complex business rules about who may do what to which entity, when, and under what circumstances.
Taught by
DevSecCon
Related Courses
Software as a ServiceUniversity of California, Berkeley via Coursera Software Defined Networking
Georgia Institute of Technology via Coursera Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems
Vanderbilt University via Coursera Web-Technologien
openHPI Données et services numériques, dans le nuage et ailleurs
Certificat informatique et internet via France Université Numerique