Microservice Authentication and Authorization | Nic Jackson
Nic Jackson (HashiCorp) | https://devopsconference.de/speaker/nic-jackson/
In this talk we will look at how you can secure your microservices, we will identify the difference between authentication and authorization and why both are required. We will investigate some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information. Finally, we will see how we can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. Takeaways:
- Using JWT for Authz
- How to implement two factor authentication into your applications
- Securing microservice secrets
- Implementing TLS and MTLS
- Securing database access, don’t be the next Equifax
- Encryption in transit, secure your data
- Building a secure secret access policy
Join us at the next DevOpsCon: https://devopsconference.de/
The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business
Follow us on Twitter: https://twitter.com/devops_con
Like us on Facebook: https://www.facebook.com/DevOpsCon/
Видео Microservice Authentication and Authorization | Nic Jackson канала DevOps Conference
In this talk we will look at how you can secure your microservices, we will identify the difference between authentication and authorization and why both are required. We will investigate some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information. Finally, we will see how we can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. Takeaways:
- Using JWT for Authz
- How to implement two factor authentication into your applications
- Securing microservice secrets
- Implementing TLS and MTLS
- Securing database access, don’t be the next Equifax
- Encryption in transit, secure your data
- Building a secure secret access policy
Join us at the next DevOpsCon: https://devopsconference.de/
The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business
Follow us on Twitter: https://twitter.com/devops_con
Like us on Facebook: https://www.facebook.com/DevOpsCon/
Видео Microservice Authentication and Authorization | Nic Jackson канала DevOps Conference
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
OAuth 2.0 and OpenID Connect (in plain English)
Authentication as a Microservice
10 Tips for failing badly at Microservices by David Schmitz
Best Practices for securing CI/CD Pipelines or how to get Security right | Victoria Almazova
The hardest part of microservices is your data
Developing microservices with aggregates - Chris Richardson
What are microservices really all about? - Microservices Basics Tutorial
Authenticating service-to-service calls with Google Cloud Endpoints (Google Cloud Next '17)
Design Microservice Architectures the Right Way
Building Streaming Microservices with Apache Kafka - Tim Berglund
Mastering Chaos - A Netflix Guide to Microservices
Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)![How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix](https://i.ytimg.com/vi/R6tUNpRpdnY/default.jpg)
How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, Netflix
Embracing Messaging and Eventual Consistency in your Microservices Solutions - Michele Bustamante
100% Stateless with JWT (JSON Web Token) by Hubert Sablonnière
Introduction to Microservices, Docker, and Kubernetes
OAuth and OpenID Connect for Microservices
Top 10 Security Best Practices to secure your Microservices - AppSecUSA 2017
Using sagas to maintain data consistency in a microservice architecture by Chris Richardson
Node.js API Authentication With JWT