CSE 2102 - Module 8: Containerization, Docker, Authentication and Authorization

Hypervisor

program used to run/manage virtual machines. resource management, isolation, virtualization

Type 1 Hypervisor

Runs directly on hardware

Type 2 Hypervisor

Runs on host OS

Image

read-only templates containing code, runtime, tools, etc built from Dockerfile

Container

packages app and environment together so it works the same everywhere. shares OS kernel. built from image.

Docker Daemon (dockerd)

background process that manages Docker objects such as images, containers and networks

Identity Provide (IdP)

trusted service that manages user identities and handles authentication (e.g. Google, Microsoft Azure AD, Facebook, GitHub)

Tokens

piece of data (usually string) representing user’s identity or permissions

• Access = what you can do

• ID = who you are

• Refresh = stay logged in

JSON Web Token (JWT)

securely transmit information between parties as a JSON object

• Header: token type + algorithm

• Payload: the actual data (claims: user info, metadata)

• Signature: verifies the token hasn’t been changed

Federated Identity

access multiple applications across different security domains with a single set of credentials

• Security Assertion Markup Language (SAML)

• Open Authorization (OAuth2)

• OpenID Connect (OIDC)