Tanzu Tuesdays

See live demos of modern application development technologies.

Secure Production with Spring Authorization Server and SPIFFE/SPIRE

12:00 PM PST on Tuesday, Jan 04, 2022


In this episode

The Spring Authorization Server project provides support for the OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0, and numerous extension specifications.

SPIFFE, the Secure Production Identity Framework for Everyone, is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments. Systems that adopt SPIFFE can easily and reliably authenticate each other (e.g., via mutual TLS) wherever they are running.

SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue identities to workloads and verify identities of other workloads.

The primary goal of this talk is to demonstrate how to securely configure Spring Authorization Server, Client and Resource Server with SPIRE for the purpose of issuing identities via SVIDs (SPIFFE Verifiable Identity Documents).

The following will be discussed and demonstrated:

  • Configure SPIRE
  • Integrate Spring Authorization Server, Client and Resource Server with SPIRE
  • Configure Mutual TLS communication between Spring Authorization Server, Client and Resource Server
  • Configure OAuth 2.0 Mutual-TLS Client Authentication
  • Configure OAuth 2.0 Certificate-Bound Access Tokens

The sample that will be demonstrated provides a reference implementation of RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.
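To make the two RFC 8705 pieces of the demo concrete, here is an added example (not code from the talk, from Spring Authorization Server, or from SPIRE) showing the essential checks in plain Python: the authorization server binds a token to the client certificate by placing its SHA-256 thumbprint in the `cnf` claim under `x5t#S256`, and the resource server later refuses the token unless the certificate presented over mutual TLS has the same thumbprint. It also validates that a certificate's SPIFFE ID belongs to the expected trust domain, which is the identity an SVID carries. The function names, the `example.org` trust domain and the DER byte strings are constructed placeholders; a real deployment hashes the actual DER-encoded certificate from the TLS handshake.

```python
"""Added example: RFC 8705 certificate-bound access tokens and a SPIFFE ID
trust-domain check. Helper names and sample data are constructed for this
illustration; they are not from Spring Authorization Server or SPIRE."""
import base64
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlparse

# Constructed stand-ins for DER-encoded certificates. Only the bytes matter
# for the thumbprint, so arbitrary byte strings are enough to show the flow.
CLIENT_CERT_DER = b"constructed-placeholder-der-bytes-for-client-cert"
OTHER_CERT_DER = b"constructed-placeholder-der-bytes-for-some-other-cert"
TRUST_DOMAIN = "example.org"  # placeholder trust domain for the SPIRE deployment


def x5t_s256(cert_der: bytes) -> str:
    """Thumbprint as RFC 8705 defines it: base64url(SHA-256(DER)) without padding."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token(claims: dict, client_cert_der: bytes) -> dict:
    """Authorization-server side: add the cnf claim that ties the token to the
    mTLS client certificate used during the token request."""
    bound = dict(claims)
    bound["cnf"] = {"x5t#S256": x5t_s256(client_cert_der)}
    return bound


def token_matches_cert(claims: dict, presented_cert_der: Optional[bytes]) -> bool:
    """Resource-server side: accept only if the certificate presented on this
    request has the thumbprint the token was bound to. A token without a cnf
    claim is treated as unbound and rejected where binding is required."""
    if presented_cert_der is None:
        return False  # no client certificate on the TLS connection
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict) or not isinstance(cnf.get("x5t#S256"), str):
        return False
    expected = cnf["x5t#S256"]
    actual = x5t_s256(presented_cert_der)
    # Constant-time comparison; the strings are fixed-length, so this is cheap.
    return hmac.compare_digest(expected, actual)


def workload_path(spiffe_id: str, trust_domain: str) -> Optional[str]:
    """Validate a SPIFFE ID of the form spiffe://<trust-domain>/<path> against
    the trust domain this resource server trusts. Returns the workload path,
    or None if the ID is malformed or belongs to a different trust domain."""
    parts = urlparse(spiffe_id)
    if parts.scheme != "spiffe" or parts.netloc != trust_domain:
        return None
    if parts.username or parts.password or parts.port:
        return None  # userinfo and ports are not allowed in SPIFFE IDs
    if parts.query or parts.fragment or parts.params:
        return None
    if not parts.path or parts.path == "/":
        return None  # a trust-domain-only ID names no workload
    return parts.path


def authorize_request(claims: dict, presented_cert_der: Optional[bytes],
                      presented_spiffe_id: str, trust_domain: str) -> bool:
    """Combined resource-server decision: the caller's certificate must come
    from our trust domain and must be the one the token is bound to."""
    if workload_path(presented_spiffe_id, trust_domain) is None:
        return False
    return token_matches_cert(claims, presented_cert_der)


if __name__ == "__main__":
    token = bind_token({"sub": "spiffe://example.org/client", "scope": "read"},
                       CLIENT_CERT_DER)
    print("bound claims:", token)
    print("same cert accepted:", authorize_request(
        token, CLIENT_CERT_DER, "spiffe://example.org/client", TRUST_DOMAIN))
    print("replayed with other cert:", authorize_request(
        token, OTHER_CERT_DER, "spiffe://example.org/client", TRUST_DOMAIN))
```

The point of the second check is that a bearer token stolen from the client cannot be replayed by anyone who lacks the private key for the bound certificate, and a certificate from a foreign trust domain is refused before the token is even inspected.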

Guests

Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, his job roles have covered Solution Architect, Software Engineer, Team Lead and Consultant. His past experience has been focused mainly on the Financial Services sector in the Toronto, Canada area. He has designed, built and delivered enterprise-grade banking applications and platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance.

Hosts

Tiffany Jernigan

Tiffany is a senior developer advocate at VMware and is focused on Kubernetes. She previously worked as a software developer and developer advocate (nerd whisperer) for containers at Amazon. She also formerly worked at Docker and Intel. Prior to that, she graduated from Georgia Tech with a degree in electrical engineering. In her free time she likes to spend time with her fiancé, family, and friends, as well as dabble in photography. You can find her on Twitter @tiffanyfayj.

Whitney Lee

Whitney traveled the scenic route but is chuffed to have found her way to Kubernetes and cloud technologies. Whitney began her professional career as a fine artist before owning her own photography business for over a decade. After a year-long tour playing keys in the band Mutual Benefit, Whitney went back to school in 2019 to learn full-stack web development. After graduation, Whitney was employed by IBM as a cloud developer, using none of the skills she had just learned. She developed an insatiable appetite for all things cloud, and a passion for teaching others as she acquired knowledge herself. Whitney has made many cloud-related lightboard videos that together have 400,000+ views. At VMware, you can find Whitney writing lighthearted yet informative guides, or behind the lightboard during her weekly streaming show ϟ Enlightning. Whitney’s contagious excitement drives her to collaborate and play!

Leigh Capili

Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. Leigh comes from a background of building software to manage infrastructure. He contributes to Kubernetes and Flux and is frequently working on his next software demo.