Join us for SpringOne, Jan 24-26, and learn how teams are building modern apps.

Tanzu Tuesdays

See live demos of modern application development technologies.

Secure Production with Spring Authorization Server and SPIFFE/SPIRE

Watch on Twitch
Watch on YouTube
12:00 PM PST on Tuesday, Jan 04, 2022

Secure Production with Spring Authorization Server and SPIFFE/SPIRE

Secure Production with Spring Authorization Server and SPIFFE/SPIRE

Jan 4, 2022

In this episode

The Spring Authorization Server project provides support for OAuth 2.1 Authorization Framework, OpenID Connect Core 1.0 and the numerous extension specifications.

SPIFFE, the Secure Production Identity Framework for Everyone, is a set of open-source standards for securely identifying software systems in dynamic and heterogeneous environments. Systems that adopt SPIFFE can easily and reliably mutually authenticate (e.g. Mutual TLS) wherever they are running.

SPIRE is a production-ready implementation of the SPIFFE APIs that performs node and workload attestation in order to securely issue identities to workloads and verify identities of other workloads.

The primary goal of this talk is to demonstrate how to securely configure Spring Authorization Server, Client and Resource Server with SPIRE for the purpose of issuing identities via SVIDs (SPIFFE Verifiable Identity Document).

The following will be discussed and demonstrated:

  • Configure SPIRE
  • Integrate Spring Authorization Server, Client and Resource Server with SPIRE
  • Configure Mutual TLS communication between Spring Authorization Server, Client and Resource Server
  • Configure OAuth 2.0 Mutual-TLS Client Authentication
  • Configure OAuth 2.0 Certificate-Bound Access Tokens

The sample that will be demonstrated provides a reference implementation of RFC 8705 OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens.

Guests

Joe Grandja

Joe Grandja

Joe Grandja is a core committer on the Spring Security team. He has been leading the efforts in building the next generation of OAuth 2 and OpenID Connect support in Spring Security and Spring Authorization Server.

With over 25 years of industry experience, his job roles have covered Solution Architect, Software Engineer, Team Lead and Consultant. His past experience has been mainly focused in the Financial Services sector in the Toronto, Canada area. He has designed, built and delivered enterprise grade banking applications/platforms in the Personal/Commercial and Brokerage/Investing divisions. He has worked closely with the InfoSec teams within the banks to ensure security and regulatory compliance.

Hosts

Tiffany Jernigan

Tiffany Jernigan

Tiffany is a senior developer advocate at VMware and is focused on Kubernetes. She previously worked as a software developer and developer advocate (nerd whisperer) for containers at Amazon. She also formerly worked at Docker and Intel. Prior to that, she graduated from Georgia Tech with a degree in electrical engineering. In her free time she likes to spend time with her fiancé, family, and friends, as well as dabble in photography. You can find her on Twitter @tiffanyfayj.

Whitney Lee

Whitney Lee

Whitney is a full stack developer who enjoys understanding and using tools in the cloud native landscape. Creative and driven, Whitney recently pivoted from an art-related career to one in tech. She is active in the open source community, especially around CNCF projects focused on developer productivity. You can catch her lightboard streaming show ϟ Enlightning on Tanzu.TV. And not only does she rock at tech - she literally has toured playing in the band Mutual Benefit on keyboards and vocals.

Leigh Capili

Leigh Capili

Leigh is an empathetic speaker and developer with niches in cloud-native systems and security. Leigh comes from a background of building software to manage infrastructure. He contributes to Kubernetes and Flux and is frequently working on his next software demo