Microservice authentication and authorization

Share
  • November 22, 2018
Technology

In this talk, Nic Jackson shows how you can secure your microservices, identify the difference between authentication and authorization, and why both are required. He investigates some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information.

Finally, you learn how you can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. The key takeaways from this talk are:

  • Using JWT for Authz
  • How to implement two-factor authentication into your applications
  • Securing microservice secrets
  • Implementing TLS and MTLS
  • Securing database access, don’t be the next Equifax
  • Encryption in transit, secure your data
  • Building a secure secret access policy

diuwgd

Nic Jackson is a developer advocate and polyglot programmer working for HashiCorp, and the author of “Building Microservices in Go” a book which examines the best patterns and practices for building microservices with the Go programming language. In his spare time, Nic coaches and mentors at Coder Dojo, teaches at Women Who Go and GoBridge, speaks and evangelizes good coding practice, process, and technique.

qiwegpqw

    DevOpsCon Whitepaper 2018

    Free: BRAND NEW DevOps Whitepaper 2018

    Learn about Containers,Continuous Delivery, DevOps Culture, Cloud Platforms & Security with articles by experts like Michiel Rook, Christoph Engelbert, Scott Sanders and many more.

    Download whitepaper for free

qowiheü

The post Microservice authentication and authorization appeared first on JAXenter.

Source : JAXenter

You may also like...