CNS-4429 Implementing Microservices Security Patterns & Protocols with Spring Deep Dive | Devoxx

Devoxx Belgium 2018
from Monday 12 November to Friday 16 November 2018.

   Implementing Microservices Security Patterns & Protocols with Spring Deep Dive

Deep Dive

Architecture & Security
Architecture & Security
Beginner & novice level
Room 5 Tuesday from 09:30 til 12:30

Building secure microservices requires mastering a variety of patterns, protocols, frameworks, and technologies. This deep dive provides a holistic end-to-end view of how to secure microservices using industry standard protocols and Spring. The goal is to present how standards such as JWT, JWA, JWS, JWE, JWK, OAuth2, OpenID Connect, TLS can be combined to make writing secure microservices easy.

The deep dive will alternate between slides that explain the security standards and protocols and code walkthroughs/live coding showing how to apply the patterns and standards using Spring Security 5.1. We will demonstrate the following patterns and their implementations.

  • Web SSO Login
  • Implementing OAuth2 resource servers
  • Implementing edge service gateways
  • Token Exchange in a microservice call chain
  • Token Relay in a microservice call chain
  • Integration with OpenID Connect / OAuth2 Servers
  • Features of Spring Security 5.1 that make it easier to secure microservices

We assume no prior experience with security standards or Spring Security. However, we assume that you are comfortable reading Java code and web development.

Spring Security   security best practices   MicroServices   OpenID Connect   OAuth 2.0  
Subscribe to Devoxx on YouTube
Joe Grandja
Joe Grandja
From Pivotal

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2.0, OpenID Connect 1.0, and JOSE framework support in Spring Security 5.

Joe has over 20 years of industry experience in the role of Solution Architect, System Architect, Software Engineer and Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada area. He has successfully designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance.

Adib Saikali
Adib Saikali
From Pivotal

Adib Saikali is passionate about technology and entrepreneurship from assembly to JavaScript from cold calling to pitching venture capitalists. He’s been responsible for architecting and implementing security in a variety of applications. Adib is an Advisory Platform Architect at Pivotal helping customers build cloud native applications using Spring Cloud, Cloud Foundry, and Kubernetes. Adib is a co-organizer of the Toronto Java User Group and Toronto Cloud Foundry Meetup.

Make sure to download the Android or iOS mobile schedule.