Deconstructing REST Security.



On this occasion we will be joined by Bruno Baptista, leader of the Coimbra JUG and co-organizer of

The talk will be in English.

The learning curve for security is severe and unforgiving. Specifications promise infinite flexibility, habitually give old concepts new names, are riddled with extensions, and almost seem designed to deliberately confuse. For a back-end REST developer, choking all this down for the first time is mission impossible. With an aggressive distaste for fancy terminology, this session delves into OAuth 2.0 as it pertains to REST and shows how it falls into two camps: stateful and stateless. We then detail a competing Amazon-style approach called HTTP Signatures, ideal for B2B scenarios and similar to what is used to secure all Amazon AWS API calls. Each approach will be explored, analyzing the architectural differences, with a heavy focus on the wire, showing actual HTTP messages and enough detail to have you thinking, “I could write this myself.”

About Bruno:
I'm a well-versed Java, Open Source technology developer and a Senior Software Engineer. With over 10 years as an enterprise-level engineer, I've led QA and development teams, garnered skills in design and development process. I like to do my research, help people grow on my teams, I'm keen on continuous integration systems and like to see a good code coverage. My core skills include Java EE, Spring, TomEE, JBoss, SQL, Drools, RESTful web services, Arquillian, Gigaspaces, PostgreSQL, Cassandra and many Java-based Enterprise relevant technologies.
I'm a member of Condomínio Criativo and JUG organizer in Coimbra (Portugal) and co-founder of Cork JUG in Ireland. I did a stint in radio broadcasting at Rádio University of Coimbra.

When I'm not busy in the world of bits and bytes, you can find me building with Lego, listening to strange vinyl records, doing some photography and swimming.