
Auth and API: OpenID Connect for user + service, and enforcement along route


Agilicus hosted a meetup (Chautauqua) on the topic of OpenID Connect for authentication and authorisation of users and APIs. We discussed the merits of and drivers for OpenID Connect, as well as an implementation using Istio and Open Policy Agent (OPA), with the policy driven from an OpenAPI specification.

We had a bit of an issue with the primary lavalier microphones (hint: next time we will turn them on!) so this is from the backup camera and mic.

Thanks to all who came out and chatted about OpenID Connect, 2-factor authentication, JWT, how to protect east-west API traffic in the network as a service rather than in code, and shared their experiences with API gateways.

This motivation is also partly covered in my Municipal Infosec presentation, which shows some real-world examples. By moving user identity and authentication onto a standard, the user experience becomes excellent. By moving authorisation out of the application and into the network, the security becomes strong yet simple. This is a win-win for all.
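As an added illustration (not code from the talk, from Agilicus, or from Istio/OPA), the Python sketch below shows what "authorisation driven from an OpenAPI specification" means in practice: the scopes each operation declares in the spec are compiled into route rules, a token is validated once (algorithm pinned, signature, expiry, issuer and audience), and each request is then allowed or denied by matching method and path against those rules, failing closed when the spec does not cover the route. The spec fragment, scopes, issuer and key are all constructed for the example; HS256 is used only to keep it dependency-free (an OIDC deployment validates RS256/ES256 tokens against the provider's JWKS), and in the Istio/OPA setup described above the equivalent decision would be expressed as a Rego policy evaluated by the sidecar rather than in Python.

```python
import base64
import hashlib
import hmac
import json
import re
import time

# Constructed OpenAPI fragment for a hypothetical "orders" service. Each
# operation's security requirement names the scopes a caller must hold; a
# list of several requirement objects means "any one of them is enough".
OPENAPI_SPEC = {
    "paths": {
        "/orders": {
            "get": {"security": [{"oidc": ["orders:read"]}]},
            "post": {"security": [{"oidc": ["orders:write"]}]},
        },
        "/orders/{id}": {
            "get": {"security": [{"oidc": ["orders:read"]}]},
            "delete": {"security": [{"oidc": ["orders:write", "orders:admin"]},
                                    {"oidc": ["superuser"]}]},
        },
        "/healthz": {"get": {"security": []}},  # empty list: explicitly public
    }
}
KEY = b"constructed-demo-shared-secret"  # example only; real OIDC uses JWKS keys
ISSUER = "https://issuer.example"
AUDIENCE = "orders-api"

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256_jwt(claims, key):
    """Mint a test token (HS256 so the example needs no crypto library)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def verify_hs256_jwt(token, key, issuer, audience, now=None):
    """Return the claims only if alg, signature, exp, iss and aud all check out."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: rejects "alg":"none" and alg-confusion tokens.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(body_b64))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    now = time.time() if now is None else now
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        return None
    return claims

def compile_routes(spec):
    """Turn OpenAPI path templates into (METHOD, regex, requirements) rules."""
    routes = []
    for template, operations in spec["paths"].items():
        pattern = re.compile("^" + re.sub(r"\{[^/}]+\}", "[^/]+", template) + "$")
        for method, operation in operations.items():
            # No "security" key at all -> None -> the request is denied (fail closed).
            routes.append((method.upper(), pattern, operation.get("security")))
    return routes

def authorize(routes, method, path, claims):
    """Decide (allowed, reason) for one request using the spec-derived rules."""
    for route_method, pattern, requirements in routes:
        if route_method != method.upper() or not pattern.match(path):
            continue
        if requirements is None:
            return False, "operation declares no security requirement; denied"
        if requirements == []:
            return True, "public operation"
        if claims is None:
            return False, "no valid token"
        granted = set(claims.get("scope", "").split())
        for requirement in requirements:
            needed = {s for scopes in requirement.values() for s in scopes}
            if needed <= granted:
                return True, "required scopes %s present" % sorted(needed)
        return False, "insufficient scope"
    return False, "path/method not in spec"

if __name__ == "__main__":
    routes = compile_routes(OPENAPI_SPEC)
    token = make_hs256_jwt({"sub": "alice", "iss": ISSUER, "aud": AUDIENCE,
                            "exp": time.time() + 300, "scope": "orders:read"}, KEY)
    claims = verify_hs256_jwt(token, KEY, ISSUER, AUDIENCE)
    for request in [("GET", "/orders"), ("POST", "/orders"), ("GET", "/healthz")]:
        print(*request, authorize(routes, *request, claims))
```

The two defaults are the security-relevant part: an operation the spec does not list, or lists without a `security` key, is denied rather than silently passed through, so adding a new endpoint means updating the spec that drives the policy, which is exactly what keeps the authorisation decision in the network layer instead of scattered across application code.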

Enjoy and hope to see you at the next meetup!

The raw presentation is not as interesting without the colour commentary, but it is below for posterity.