
Auth and API: OpenID Connect for user + service, and enforcement along route

Agilicus hosted a meetup (Chautauqua) on the topic of OpenID Connect for authentication and authorisation of users and APIs. We discussed the merits and drivers for OpenID Connect, as well as an implementation using Istio and Open Policy Agent (OPA), with the policy driven from an OpenAPI specification.

We had a bit of an issue with the primary lavalier microphones (hint: next time we will turn them on!) so this is from the backup camera and mic.

Thanks to all who came out and chatted about OpenID Connect, 2-factor authentication, JWT, how to protect east-west API traffic in the network as a service rather than in code, and shared their experiences around API gateways.

This motivation is also somewhat covered in my Municipal Infosec presentation, which shows some real-world examples. By moving user identity and authentication onto a standard, the user experience becomes excellent. By moving authorisation out of the application and into the network, the security becomes strong yet simple. This is a win-win for all.
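The route-level decision such a gateway policy makes, as an added Python example (not code from the meetup, from Agilicus or from OPA): it derives the scopes each method and path require from a small constructed OpenAPI document and compares them with the `scope` claim of a JWT. The spec, the `oidc` scheme name and the scope names are constructed placeholders; token signature and expiry validation are assumed to have already happened upstream, and an operation without an explicit `security` entry is denied by design.

```python
"""Per-route authorisation derived from an OpenAPI spec, as a gateway/sidecar policy would do it."""
import re
from typing import List, Optional

# Constructed sample spec for a hypothetical orders service. Each operation
# declares the scopes it needs under a single "oidc" security scheme.
OPENAPI_SPEC = {
    "paths": {
        "/orders": {
            "get": {"security": [{"oidc": ["orders:read"]}]},
            "post": {"security": [{"oidc": ["orders:write"]}]},
        },
        "/orders/{id}": {
            "get": {"security": [{"oidc": ["orders:read"]}]},
            "delete": {"security": [{"oidc": ["orders:write", "admin"]}]},
        },
        "/healthz": {"get": {"security": []}},  # empty list: explicitly public
    }
}


def _template_to_regex(template: str) -> re.Pattern:
    # Turn "/orders/{id}" into "^/orders/[^/]+$"; literal segments are escaped.
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "$")


def required_scopes(spec: dict, method: str, path: str) -> Optional[List[List[str]]]:
    """Alternative scope sets for the matching operation (any one set suffices).
    [] means public; None means unknown route/method or no security entry (deny)."""
    for template, ops in spec["paths"].items():
        if _template_to_regex(template).match(path):
            op = ops.get(method.lower())
            if op is None or "security" not in op:
                return None
            # All schemes inside one requirement object are ANDed, so union their scopes.
            return [sorted({s for scopes in req.values() for s in scopes}) for req in op["security"]]
    return None  # no path template matched: default deny


def authorise(spec: dict, method: str, path: str, claims: dict) -> bool:
    """Decide allow/deny for one request from validated JWT claims."""
    alternatives = required_scopes(spec, method, path)
    if alternatives is None:
        return False
    if alternatives == []:
        return True
    raw = claims.get("scope", "")  # OAuth2 convention: space-separated string
    granted = set(raw.split()) if isinstance(raw, str) else set(raw)
    return any(set(req).issubset(granted) for req in alternatives)
```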

Enjoy and hope to see you at the next meetup!

The raw presentation is not as interesting without the colour commentary, but it is below for posterity.