
Deconstructing & Evolving REST Security

[DEV6019]

Thursday, Oct 25, 1:00 p.m. – 1:45 p.m.
Moscone West – Room 2003

About this Session

The learning curve for REST API security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, and almost seem designed to deliberately confuse. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 with and without JWT for user identity; AWS-style security for B2B with API keys; and OAuth 2.0 Proof of Possession, which merges both into two-factor bliss. Using a baseline microservice architecture, the presentation compares them, with a heavy focus on the wire, showing actual HTTP messages and analyzing their impact on load and security. Starting with basic authentication and a brief intro to hashing and signing, this is the perfect session to align the whole team.

David Blevins

Founder & CEO, Tomitribe

Did you enjoy the session?

Here are the slides from the session, and below you can find all "Session References".

Session References

Here you will find all resources from the session. If you have any other questions, please feel free to write to us at the bottom of the page.

The OAuth 2.0 Authorization Framework
JSON Web Token (JWT)
HTTP Signatures
OAuth 2.0 Proof-of-Possession
JSON Web Keys (JWK)

Got a few extra minutes?

Case Studies & Reports

Tomitribe is proud to have had a positive impact on these companies and is happy to show you the details below.

NASA

Apache TomEE, A Successful Open Source Migration Journey for NASA

@WalmartLabs

enables over 245 million customers to visit Walmart’s 11k stores, in 28 countries, & 10 websites worldwide.

RebelLabs

Fresh Catch! Migrating from Glassfish to JBoss or TomEE

Sonatype

Tomitribe & Nexus Lifecycle: Champions of Open Source Security

Have some questions for David?  

Drop him a line!
