Securing Your Java EE Microservices with HMAC Authentication

Track: Security
Skill Level: Advanced
Room: Room A314
Time Slot: Tue 2/16, 1:00 PM
Tags: javaee/spring microservice
Abstract

This presentation covers benefits and drawbacks of various popular Java EE microservices security approaches (Diffie-Hellman, RSA, HMAC) and looks at how to implement them in real-world examples. It explains why hash-based message authentication is best for microservice communication and has remained uncrackable. The presentation also shows that HMAC is fast, efficient, stateless, scalable, and DOS-resistant and can securely use any protocol and framework that supports messaging with headers, with no risk to the transport layer.

Scott Kramer

Scott Kramer Lead “Hands-On” Architect for various clients. Scott Kramer has over two decades of experience with technology leadership, enterprise architecture, application development and consulting having written and sold his first commercial program in high school. Scott has worked on many different hardware devices, operating systems, languages and technology stacks including Single Board Computers, information gathering devices, multi-cored linked devices, and mainframes through personal computers. Scott has experience in many languages and operating systems including MVS, Unix, and Microsoft, .NET, Java, C, and more. Scott has certification in several technologies, and has been published in variety of subjects, written computer based training modules and has spoken at JavaOne multiple times, Chicago Coder Conference, and various local venues on a variety of subjects. Scott volunteers for many organizations including Chicago Java Users Group, Illinois Java Users Group, Coder Conference, Chicago Police, the Sheriff, and a Society for Global Citizenship (a disabled children’s organization). Scott graduated from University of Wisconsin, and happily lives in Chicago with his wonderful wife.