Session Name: Serverless Auth and Secrets Management
For your business it is more important than ever to protect applications, services and customer data from attackers. If you want to stay competitive, knowing how to efficiently and easily apply security and auth while being aware of the most common pitfalls is key in today's serverless world.
Traditional machine-to-machine auth approaches where you can rely on a statefull environment fall short in a modern serverless and thus stateless world. With this talk you’ll make an important step towards public-cloud-readiness and a future-proof "Zero Trust" architecture. After a short recap of some auth fundamentals, you'll learn how to efficiently apply authentication to each, AWS cloud & Azure cloud, using the managed Identity Provider Auth0, OAuth 2, JsonWebToken (JWT) and a serverless secrets management system.
Andreas is an expert in Identity & Access Management and a proponent of the serverless methodology. Because getting to a shared understanding with the business is more important than technical solutions, he's into approaches like Domain-Driven Design and Collaborative Modeling. He's from the community for the community and organizes several meetup groups in Berlin like @DDDBER, @fullstack_JS and @ServerlessBER.