David Blevins: Deconstructing and Evolving REST Security

Boulder Java Users Group

5:30-6:00: Food, Soda, Beer and Networking

We're grateful to Teksystems (https://www.teksystems.com/) for food and soda!

Pivotal Labs Boulder (https://pivotal.io/labs) is our beer sponsor!

Thanks to Galvanize (http://www.galvanize.com/campuses/boulder-walnut/) for hosting our meetings!

Thanks to No Fluff Just Stuff (https://www.nofluffjuststuff.com/home/main) for ongoing support!

6:00-6:15: Announcements

6:15-7:45: Talk

The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. We then detail a competing Amazon-style approach called HTTP Signatures, ideal for B2B scenarios and similar to what is used to secure all Amazon AWS API calls. Each approach will be explored by analyzing the architectural differences, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, "I could write this myself."

As a bonus at the end, we'll peek into a new IETF Internet Draft launched this year that combines JWT and HTTP Signatures into the perfect two-factor system that could provide a one-stop shop for business as well as mobile REST scenarios. Come to this session if you want to go from novice to expert with a bit of humor, a big picture perspective and wire-level detail.
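To show what "I could write this myself" looks like for the HTTP Signatures approach the abstract mentions, here is an added example (not code from the speaker, Tomitribe, or the talk) of the wire format: a client builds a signing string from the request target and a few headers, HMACs it with a shared secret, and sends the result in an `Authorization: Signature ...` header; the server recomputes the same string and compares in constant time. The `Authorization` parameter names (`keyId`, `algorithm`, `headers`, `signature`) follow the Cavage HTTP Signatures draft format; the key, key id, `Date`, body and path are all constructed for the demo, and HMAC-SHA256 with a shared secret is one of several algorithms the draft allows.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

/**
 * Minimal HTTP Signatures (Cavage-draft style, HMAC-SHA256) signer and verifier.
 * Illustrative example: key, key id, Date header, path and body are constructed.
 */
public class HttpSignatureDemo {

    // Headers covered by the signature, in the order they are concatenated.
    static final String[] SIGNED_HEADERS = {"(request-target)", "date", "digest"};

    // Build the signing string: one "name: value" line per covered header.
    static String signingString(String method, String path, Map<String, String> headers) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < SIGNED_HEADERS.length; i++) {
            String name = SIGNED_HEADERS[i];
            String value = name.equals("(request-target)")
                    ? method.toLowerCase(Locale.ROOT) + " " + path
                    : headers.get(name);
            if (value == null) throw new IllegalArgumentException("missing header: " + name);
            if (i > 0) sb.append('\n');
            sb.append(name).append(": ").append(value);
        }
        return sb.toString();
    }

    static String hmacBase64(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(data.getBytes(StandardCharsets.UTF_8)));
    }

    // The Digest header binds the request body to the signature.
    static String digestHeader(byte[] body) throws Exception {
        byte[] sha = MessageDigest.getInstance("SHA-256").digest(body);
        return "SHA-256=" + Base64.getEncoder().encodeToString(sha);
    }

    // Client side: produce the Authorization header value.
    static String authorizationHeader(String keyId, byte[] key, String method, String path,
                                      Map<String, String> headers) throws Exception {
        String sig = hmacBase64(key, signingString(method, path, headers));
        return "Signature keyId=\"" + keyId + "\",algorithm=\"hmac-sha256\",headers=\""
                + String.join(" ", SIGNED_HEADERS) + "\",signature=\"" + sig + "\"";
    }

    // Server side: recompute from the received request and compare in constant time.
    static boolean verify(byte[] key, String method, String path, Map<String, String> headers,
                          String presentedSig) throws Exception {
        byte[] expected = hmacBase64(key, signingString(method, path, headers)).getBytes(StandardCharsets.UTF_8);
        byte[] presented = presentedSig.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, presented);
    }

    // Pull the signature="..." parameter out of the Authorization header.
    static String extractSignature(String authorization) {
        int i = authorization.indexOf("signature=\"");
        if (i < 0) return "";
        int start = i + "signature=\"".length();
        int end = authorization.indexOf('"', start);
        return end < 0 ? "" : authorization.substring(start, end);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-shared-secret".getBytes(StandardCharsets.UTF_8);   // constructed
        byte[] body = "{\"order\":42}".getBytes(StandardCharsets.UTF_8);            // constructed
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("date", "Tue, 07 Jun 2016 20:51:35 GMT");                       // constructed
        headers.put("digest", digestHeader(body));

        String auth = authorizationHeader("client-a", key, "POST", "/orders", headers);
        System.out.println("POST /orders HTTP/1.1");
        System.out.println("Date: " + headers.get("date"));
        System.out.println("Digest: " + headers.get("digest"));
        System.out.println("Authorization: " + auth);

        System.out.println("valid: " + verify(key, "POST", "/orders", headers, extractSignature(auth)));

        // A body changed in transit yields a different Digest, so the signature no longer verifies.
        Map<String, String> tampered = new LinkedHashMap<>(headers);
        tampered.put("digest", digestHeader("{\"order\":43}".getBytes(StandardCharsets.UTF_8)));
        System.out.println("tampered valid: " + verify(key, "POST", "/orders", tampered, extractSignature(auth)));
    }
}
```

Because the `Date` header is inside the signed string, a verifier can also reject requests whose `Date` falls outside a short window, which limits replay of a captured request; that freshness check is left to the server code that calls `verify`.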

About David Blevins

Founder of Tomitribe, David is a veteran of Open Source Java EE, implementing and defining Java EE specifications for over ten years, with a strong drive to see Java EE simple, testable and as light as Java SE. He is the co-founder of OpenEJB (1999), Geronimo (2003), and TomEE (2011). David is a member of the Java EE 7 and EJB 3.2 Expert Groups and a past member of the Java EE 6, EJB 3.1, and EJB 3.0 Expert Groups. He's also a contributing author to Component-Based Software Engineering: Putting the Pieces Together from Addison-Wesley.

You can find David on Twitter @dblevins (https://twitter.com/dblevins).

7:45: Door prizes

Jetbrains (http://www.jetbrains.com/) IDE License

Agile Developer Courses (https://agiledeveloper.com/courses.html)

Books provided by Pearson Addison-Wesley (https://www.pearsonhighered.com/)

Safari Books Online Develop Intelligence (http://www.developintelligence.com/)

No Fluff Just Stuff (https://www.nofluffjuststuff.com/home/main) hard core training and conferences

8:00: After Meeting Networking