JSON Web Tokens Presented by Micah Silverman

JSON Web Token (JWT) is an open standard for passing claims between parties. Claims are simply key/value pairs. JWTs (typically pronounced "jots") are cryptographically signed tokens encoded into a single string. In addition to being used as a "dumb" token for any purpose, they can be cryptographically verified and decoded to extract the claims from them. Many token based services, including OAuth2 implementations, are using JWTs as a way to increase security, performance and scalability.

In this presentation, Micah Silverman gives an overview of the JJWT library, how it can be used in a CSRF (Cross Site Request Forgery) prevention implementation and a simple (but powerful) PKI (Public Key Infrastructure) approach to secure communication between microservices.