Tanzu Tuesdays
See live demos of modern application development technologies.
Secure Production with Spring Authorization Server and SPIFFE/SPIRE
Secure Production with Spring Authorization Server and SPIFFE/SPIRE
Secure Production with Spring Authorization Server and SPIFFE/SPIRE
Jan 4, 2022
In this episode
The Spring Authorization Server project provides support for OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0 and the numerous extension specifications.
SPIFFE, the Secure Production Identity Framework for Everyone, is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments. Systems that adopt SPIFFE can easily and reliably mutually authenticate (e.g. Mutual TLS) wherever they are running.
SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue identities to workloads and verify identities of other workloads.
The primary goal of this talk is to demonstrate how to securely configure Spring Authorization Server, Client and Resource Server with SPIRE for the purpose of issuing identities via SVIDs (SPIFFE Verifiable Identity Document).
The following will be discussed and demonstrated:
- Configure SPIRE
- Integrate Spring Authorization Server, Client and Resource Server with SPIRE
- Configure Mutual TLS communication between Spring Authorization Server, Client and Resource Server
- Configure OAuth 2.0 Mutual-TLS Client Authentication
- Configure OAuth 2.0 Certificate-Bound Access Tokens
The sample that will be demonstrated provides a reference implementation of RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
Guests
Joe Grandja
Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2 and OpenID Connect support in Spring Security and Spring Authorization Server.
With over 25 years of industry experience, his job roles have covered Solution Architect, Software Engineer, Team Lead and Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada area. He has designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance.
Hosts
Tiffany Jernigan
Tiffany is a senior developer advocate at VMware and is focused on Kubernetes. She previously worked as a software developer and developer advocate (nerd whisperer) for containers at Amazon. She also formerly worked at Docker and Intel. Prior to that, she graduated from Georgia Tech with a degree in electrical engineering. In her free time she really likes to travel and dabble in photography. You can find her on Twitter @tiffanyfayj.
Whitney Lee
Whitney is a lovable goofball who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. She is a CNCF Ambassador and active in the open source community. You can catch her lightboard streaming show ⚡️ Enlightning on Tanzu.TV. And not only does she rock at tech - she literally has toured playing in the band Mutual Benefit on keyboards and vocals.
Leigh Capili
Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. Leigh comes from a background of building software to manage infrastructure. He contributes to Kubernetes and Flux and is frequently working on his next software demo