0

I have questions around Azure ML Service with regards to web service deployment / security. Can you please help me with these questions:

  • By default, published web service URIs are public addressable without any requirement for authentication. What are the best practices for securing these web services?
  • When authenticating from unattended processes such as web services, DevOps, etc, what are the options / best practices for authenticating? Managed Identity does not seem to be supported by Azure ML Service. App registrations? Other?
Mah
  • 1
  • 2
  • Regarding second question, are you asking for authentication from Web Services to other Azure resources or authentication around Web Services? – Parth Shah Sep 02 '19 at 18:56

1 Answers1

0

To the first question, the best approach would be to deploy the services to Azure Kubernetes Services. This way, there are two authentication keys that get generated. There might be other approaches to that are being worked on but this is one that I know works for some scenarios. You can also, I believe with certain decorators, retrieve the http headers etc. in your score.py function that might be leveraged by ACI (Azure Container Instances) where it's deployed without keys introduced by the SDK. This might be changing in the future.

For the 2nd question, if we're talking about how to train a network for example unattended, then it would be to use App registration, AFAIK.

omartin2010
  • 421
  • 1
  • 5
  • 15