microXchg 2017 has ended
Friday, February 17 • 11:25 - 12:15
Beyond OAuth2: end to end microservice security

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
OAuth2 allows users to delegate abilities to applications, so applications can act on resources on the user's behalf. It's a great story, but the story seems to end when the request makes it into your microservices based architecture. With microservices, the ""application"" in an OAuth2 interaction might actually be many applications, and the ""resource"" may need to call other resources. What should your services do once they obtain the user's token? Is there a way to assert a particular call stack through your web of applications in a way that's both performant, and flexible for when your services evolve? What if some applications don't use HTTP? In this talk, you'll see a standards based approach to solve all these problems, and provide a consistent method for enforcing each application's security policies.

avatar for Will Tran

Will Tran

Will Tran has been helping startups and enterprises harness the power of the Spring Framework for a decade. Will is currently working for Pivotal, building products for Cloud Foundry and contributing to open-source Spring. While working for Pivotal, Will has made major technical contributions... Read More →

Friday February 17, 2017 11:25 - 12:15
Loft (2nd floor)