January Meeting
|
Join us on Meetup
Our next meeting will be Tuesday, January 16, 2018.
Doors open @ 6:30 PM,
Meeting begins @ 7:00 PM
Speaker: David Blevins
Speaking On:
Deconstructing and Evolving REST Security
@
>>>>> 9001 Spectrum Center Blvd. <<<<<
San Diego, CA 92123
Can you make it Poll (on Yahoo)
Can you make it Poll (on Facebook)
|
6:30 - |
Equipment setup and mixer - Food Provided by: TBD |
|
7:00 - |
Meeting begins, announcements |
|
7:15 - |
Speaker: David Blevins |
|
7:45 - |
Short Break |
|
7:55 - |
Speaker: David Blevins |
|
9:00 - |
Drawings - final announcements Meeting Ends, tear down, mixer |
|
9:30 - |
Official Stop |
Speaker: David Blevins
Title: Deconstructing and Evolving REST Security
Abstract: The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. We then detail a competing Amazon-style approach called HTTP Signatures, ideal for B2B scenarios and similar to what is used to secure all Amazon AWS API calls. Each approach will be explored analyzing the architectural differences, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, “I could write this myself.”
As a bonus at the end, we’ll peek into a new IETF Internet Draft launched this year that combines JWT and HTTP Signatures into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios. Come to this session if you want to go from novice to expert with a bit of humor, a big picture perspective.
Speaker Bio: Founder of Tomitribe, veteran of Open Source Java EE in both implementing and defining JavaEE specifications for over 10 years with a strong drive to see JavaEE simple, testable and as light as Java SE. Co-Founder of OpenEJB (1999), Geronimo (2003), TomEE (2011). Member of the Java EE 7 and EJB 3.2 Expert Groups, past member of the Java EE 6, EJB 3.1, and EJB 3.0 Expert Groups. Contributing author to Component-Based Software Engineering: Putting the Pieces Together from Addison Wesley.
Company Bio: Tomitribe is an innovative engine driving open source software, Java EE technologies and API Gateway security through community and enterprise global support for Apache Tomcat, TomEE and Tribestream. We help customers evolve their IT strategies and leverage the scalability of microservices architecture. Tomitribe is a JCP EC member, an Eclipse Foundation member and a MircroProfile co-founder.