Friday, June 3, 2016

Ten Talks On Microservices You Cannot Miss At Any Cost!

The Internet is flooded with articles, talks and panel discussions on Microservices. According to Google Trends, the word microservices has had a steep upward curve since mid-2014. Finding the best talks among all the published talks on microservices is a hard job, and I might be off the track in picking the best 10. My apologies if your most awesome microservices talk is missing here; please feel free to add a link to it as a comment. To add one more to the pile of microservices talks we already have, I will be doing a talk on Microservices Security at the Cloud Identity Summit, New Orleans next Monday.


Saturday, May 28, 2016

Building Microservices ~ Designing Fine-grained Systems

The book Building Microservices by Sam Newman is one of the very first on the subject. It’s a great book that anyone who talks about, designs or builds microservices must read. I strongly recommend buying it! This article reviews the book while highlighting the key takeaways from each chapter.

Tuesday, May 17, 2016

Enabling FIDO U2F Multi-Factor Authentication for the AWS Management Console with the WSO2 Identity Server

This tutorial on Medium explains how to enable authentication for the AWS Management Console against the corporate LDAP server and then enable multi-factor authentication (MFA) with FIDO. FIDO is fast becoming the de facto standard for MFA, backed by the top players in the industry including Google, PayPal, Microsoft, Alibaba, Mozilla, eBay and many more.

Wednesday, May 11, 2016

How Netflix secures Microservices with short-lived certificates?

Today we had our 6th Silicon Valley IAM meetup at the WSO2 office in Mountain View. We were glad to have Bryan Payne from Netflix talk on the topic ‘PKI at Scale Using Short-Lived Certificates’. Bryan leads the Platform Security team at Netflix and, prior to Netflix, he was the Director, Security Research at Nebula.

This post on Medium is based on Bryan’s talk at the meetup and other related resources.

Friday, May 6, 2016

JSON Message Signing Alternatives

In this post we explore the following alternatives for signing a JSON message and then compare them.
  • JSON Web Signature (JWS) 
  • JSON Cleartext Signature (JCS) 
  • Concise Binary Object Representation (CBOR) Object Signing 
Read the complete article on Medium.

Tuesday, April 26, 2016

JWT, JWS and JWE for Not So Dummies!

JSON Web Token (JWT) defines a container to transport data between interested parties. It became an IETF standard in May 2015 with RFC 7519. There are multiple applications of JWT, and OpenID Connect is one of them: in OpenID Connect the id_token is represented as a JWT. In securing both APIs and microservices, JWT is used as a way to propagate and verify end-user identity.

This article on Medium explains JWT, JWS and JWE in detail, along with their applications.

Saturday, April 23, 2016

GSMA Mobile Connect vs OpenID Connect

Mobile Connect is an initiative by GSMA. The GSMA represents the interests of mobile operators worldwide, uniting nearly 800 operators with more than 250 companies in the broader mobile ecosystem, including handset and device makers, software companies, equipment providers and internet companies, as well as organizations in adjacent industry sectors. The Mobile Connect initiative by GSMA focuses on building a standard for user authentication and identity services between mobile network operators (MNO) and service providers.

This article on Medium explains the GSMA Mobile Connect API and how it differs from the OpenID Connect core specification.