Microservice authentication and authorization
Why are microservice authentication and authorization both required and how can you identify the differences between them? Watch Nic Jackson’s DevOpsCon 2018 session and learn all about microservice authentication and authorization, how to secure your microservices and many more!
In this talk, Nic Jackson shows how you can secure your microservices, identify the difference between authentication and authorization, and why both are required. He investigates some common patterns for request validation, including HMAC and JWT to avoid the confused deputy problem, and also how you can manage and secure secret information.
Finally, you learn how you can leverage tools like the open source HashiCorp Vault as well as features from cloud providers like AWS and GCP, to keep your systems and users secure. The key takeaways from this talk are:
- Using JWT for Authz
- How to implement two-factor authentication into your applications
- Securing microservice secrets
- Implementing TLS and MTLS
- Securing database access, don’t be the next Equifax
- Encryption in transit, secure your data
- Building a secure secret access policy