TechLife Cincinnati

Details
Michael N. Rissover will be presenting:

Title: Authentication Patterns with Spring Security, OAuth, and OIDC : A presentation guide for Java developers implementing modern identity and access management in Spring applications.

Details: Modern Java applications face a critical challenge: implementing authentication and authorization correctly in distributed architectures. We'll establish a clear distinction between authentication and authorization, then dive into practical patterns including OIDC integration with Spring Security, the Backend-for-Frontend pattern for securing browser-based applications, token exchange for service-to-service calls, and role-based access control. Attendees will leave with a reference architecture and concrete strategies for securing SPAs and microservices.

Bio: Michael Rissover is a Principal Platform Architect at Toshiba Global Commerce Solutions, serving as the principal architect for the ELERA retail commerce platform and leading API governance across 550+ APIs. With almost 25 years in enterprise software development, he specializes in API design, platform modernization, and distributed systems. Michael is also an adjunct faculty member at Southern New Hampshire University and Central Texas College, a #1 Amazon bestselling author on AI and Cloud Technologies, and Regional Director for the National Society of Software Engineers (Great Lakes region).

Hybrid meeting: Pizza and drinks will be provide.

Agenda

• 11:30 AM: Meet and Greet
• 11:45 AM: CinJUG Introductions & Announcements
• 11:50 AM: Main Presentation
• 12:45 PM: Q&A Session
• 1:00 PM: Meeting concludes

Location:

Physical address:
Callibrity
8280 Montgomery Road
Suite 300
Cincinnati, OH 45236

Meeting Topic: Web protocols and security implications (continued)

This is a continuation of Scott Corzine's talk from September.
A tour through the web protocols, how they are used at scale/in the cloud, and some security ramifications. HTML, MIME, HTTP, Cookies, TLS/SSL, X.509, TCP, IPv4 or IPv6, Ethernet or Wifi, DNS, UDP, ICMP, and some helpers are all used in the simplest of web pages. As we move towards more sophisticated web programming we start to find SQL and others on the backend along with a lot of behind-the-scenes complexity. Then Web 2.0 brings Javascript into our browsers with CSS, DOM, AJAX, REST APIs, GraphQL and others. We introduce NAT/PAT firewalls at the customer side and load balancers, autoscaled instances or Kubernetes, more security features, SAML/OIDC, etc.
All of this increases the attack surface, so understanding the protocols is a key step in understanding what, where, why, and how to protect yourself.
We'll go through a simple web request and the protocols used to transport it. Then, if we have time, we'll go through what's been built on top of it and how we build high quality service providers in the cloud.

Scott Corzine is a people oriented technologist with a mission of "Building secure, stable, and scalable infrastructure/cloud platform to run your enterprise apps and SaaS products." He has worked in roles of Consultant, Architect, Engineer, Administrator across the Infrastructure fields of Cloud, Databases, Linux/Unix Systems, Storage, Networking, Web Services, and Security. Currently d/b/a Bear-Ice Computing, he is available for consulting, sub-contracting, or the right full-time employment opportunity.

About Us:

The CiNPA Security SIG is the Cincinnati Networking Professionals Association Security Special Interest Group. We meet monthly on the third Thursday of each month, starting at 6:30 p.m.

DO NOT USE MEETUP RSVP - USE THE LINK in the text in the Comments