DevConf.US 2022 has ended
Registration is now OPEN! Please register HERE as soon as possible!

DevConf.US 2022 is the 5th annual, free, Red Hat sponsored technology conference for community project and professional contributors to Free and Open Source technologies coming to Boston this August!!
Friday, August 19 • 11:00 - 11:50
Authorino: K8s-native Zero Trust API security

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

How do you handle authentication and authorization in your API projects? Do you bake them as part of your application’s code?

It turns out that decoupling your application’s runtime auth layer to an external authorization service is a good practice that improves maintainability, scalability and performance, governance, among other aspects of the software process and operation. And there are secure and practical ways to do so. Even better when the tools you rely on are made for Kubernetes and the cloud context we all live in nowadays!

This talk will introduce one of the latest developments in API protection, sponsored by Red Hat, a general-purpose Kubernetes-native external authorization service, that pairs with Envoy Proxy's external authorization protocol for identity verification and authorization policy enforcement. We will walk you through the steps of protecting an API ecosystem or API mesh, for use cases such as of authentication and authorization based on JWTs and OpenID Connect, API keys, Kubernetes TokenReviews and SubjectAccessReviews (aka Service Account tokens and Kube RBAC), Open Policy Agent, and many other patterns and auth technologies, using one single tool.

It is not a proxy, it is not another Identity Provider/SSO server, it doesn’t involve changing your application’s code. At the same time, it’s clean, versatile, cloud-native, and of course it’s open source. It’s Authorino!

After this talk, you will feel comfortable to implement state of the art Zero Trust API security for your applications running on Kubernetes, by just writing a small piece of YAML code.

avatar for Alex Snaps

Alex Snaps

Sr. Principal Software Engineer, Red Hat
avatar for Guilherme Cassolato

Guilherme Cassolato

Principal Software Engineer, Red Hat

Friday August 19, 2022 11:00 - 11:50 EDT
Conference Auditorium