The Internet is flooded with articles, talks and panel discussions on microservices. According to Google Trends, the term microservices has followed a steep upward curve since mid-2014. Finding the best among all the published talks on microservices is a hard job, and I might be off track in picking the best 10. My apologies if your most awesome microservices talk is missing here; please feel free to add a link to it as a comment. To add one more to the pile of microservices talks we already have, I will be doing a talk on Microservices Security at the Cloud Identity Summit, New Orleans next Monday.
The book Building Microservices by Sam Newman is one of the very first on the subject. It’s a great book and a must-read for anyone who talks about, designs or builds microservices. I strongly recommend buying it! This article reviews the book while highlighting the key takeaways from each chapter.
This tutorial on Medium explains how to enable authentication for the AWS Management Console against the corporate LDAP server and then enable multi-factor authentication (MFA) with FIDO. FIDO is fast becoming the de facto standard for MFA, backed by the top players in the industry including Google, PayPal, Microsoft, Alibaba, Mozilla, eBay and many more.
Today we had our 6th Silicon Valley IAM meetup at the WSO2 office in Mountain View. We were glad to have Bryan Payne from Netflix talk on the topic ‘PKI at Scale Using Short-Lived Certificates’. Bryan leads the Platform Security team at Netflix; prior to Netflix, he was the Director, Security Research at Nebula.
This post on Medium is based on Bryan’s talk at the meetup and other related resources.
JSON Web Token (JWT) defines a container to transport data between interested parties. It became an IETF standard in May 2015 with RFC 7519. There are multiple applications of JWT; OpenID Connect is one of them. In OpenID Connect, the id_token is represented as a JWT. In securing both APIs and microservices, the JWT is used as a way to propagate and verify end-user identity.
This article on Medium explains JWT, JWS and JWE in detail, along with their applications.
Mobile Connect is an initiative by GSMA. The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent industry sectors. The Mobile Connect initiative by GSMA focuses on building a standard for user authentication and identity services between mobile network operators (MNOs) and service providers.
This article on Medium explains the GSMA Mobile Connect API and how it differs from the OpenID Connect core specification.