Microservice Authentication and Authorization | Nic Jackson
Nic Jackson (HashiCorp) | https://devopsconference.de/speaker/nic-jackson/
In this talk we will look at how you can secure your microservices, we will identify the difference between authentication and authorization and why both are required. We will investigate some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information. Finally, we will see how we can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. Takeaways:
- Using JWT for Authz
- How to implement two factor authentication into your applications
- Securing microservice secrets
- Implementing TLS and MTLS
- Securing database access, don’t be the next Equifax
- Encryption in transit, secure your data
- Building a secure secret access policy
Join us at the next DevOpsCon: https://devopsconference.de/
The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business
Follow us on Twitter: https://twitter.com/devops_con
Like us on Facebook: https://www.facebook.com/DevOpsCon/
Видео Microservice Authentication and Authorization | Nic Jackson канала DevOps Conference
In this talk we will look at how you can secure your microservices, we will identify the difference between authentication and authorization and why both are required. We will investigate some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information. Finally, we will see how we can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. Takeaways:
- Using JWT for Authz
- How to implement two factor authentication into your applications
- Securing microservice secrets
- Implementing TLS and MTLS
- Securing database access, don’t be the next Equifax
- Encryption in transit, secure your data
- Building a secure secret access policy
Join us at the next DevOpsCon: https://devopsconference.de/
The Conference for Continuous Delivery, Microservices, Containers, Cloud & Lean Business
Follow us on Twitter: https://twitter.com/devops_con
Like us on Facebook: https://www.facebook.com/DevOpsCon/
Видео Microservice Authentication and Authorization | Nic Jackson канала DevOps Conference
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
OAuth 2.0 and OpenID Connect (in plain English)Authentication as a Microservice10 Tips for failing badly at Microservices by David SchmitzBest Practices for securing CI/CD Pipelines or how to get Security right | Victoria AlmazovaThe hardest part of microservices is your dataDeveloping microservices with aggregates - Chris RichardsonWhat are microservices really all about? - Microservices Basics TutorialAuthenticating service-to-service calls with Google Cloud Endpoints (Google Cloud Next '17)Design Microservice Architectures the Right WayBuilding Streaming Microservices with Apache Kafka - Tim BerglundMastering Chaos - A Netflix Guide to MicroservicesAuthentication on the Web (Sessions, Cookies, JWT, localStorage, and more)How Netflix Is Solving Authorization Across Their Cloud [I] - Manish Mehta & Torin Sandall, NetflixEmbracing Messaging and Eventual Consistency in your Microservices Solutions - Michele Bustamante100% Stateless with JWT (JSON Web Token) by Hubert SablonnièreIntroduction to Microservices, Docker, and KubernetesOAuth and OpenID Connect for MicroservicesTop 10 Security Best Practices to secure your Microservices - AppSecUSA 2017Using sagas to maintain data consistency in a microservice architecture by Chris RichardsonNode.js API Authentication With JWT