Zen & the art of Edge Authentication - Dora Militaru - DevOps Barcelona.pdf
•
0 likes•49 views
Authentication is scary, difficult, dangerous, and… essential. Most apps need some form of it, often as a prerequisite for almost all end-user requests. Join me for a fresh and practical perspective on authentication architecture for the modern, open web, using modern standards like WebAuthn. We'll set up a passwordless authentication layer that's fast, distributed, secure, isolated from the rest of your system, and minimally annoying to integrate and maintain.
Recommended
Recommended
More Related Content
Similar to Zen & the art of Edge Authentication - Dora Militaru - DevOps Barcelona.pdf
Similar to Zen & the art of Edge Authentication - Dora Militaru - DevOps Barcelona.pdf (20)
Recently uploaded
Recently uploaded (20)
Zen & the art of Edge Authentication - Dora Militaru - DevOps Barcelona.pdf
- 1. zen and the art of edge authentication Dora Militaru gh: @doramatadora x: @doramilitaru
- 2. Dora Militaru gh: @doramatadora x: @doramilitaru
- 3. adjective • informal • /zen/ Relaxed and unconcerned about things beyond one's control. zen noun • hot topic • /edʒ kəmˈpjuːt/ Bringing computation and data as close as possible to where it is needed.* * while retaining control of the environment edge noun • /ɑːˌθen.t̬əˈkeɪ.ʃən/ The process of verifying the identity of a person or device. authentication secure login flows ✨ large-scale, coordination free. .distributed systems ✨
- 4. Robert M Pirsig Zen y el arte de la mantención de la motocicleta "the most widely read philosophy book of all time"
- 5. OAuth 2.0 authorization code flow with proof-key code exchange (PKCE) on edge compute
- 11. key pair private key public key
- 12. key pair private key public key encryption decryption data confidentiality
- 13. key pair private key public key verifying signing data authenticity + integrity
- 14. key pair private key public key
- 15. key pair private key public key cipher text plain text encryption plain text decryption
- 16. key pairs private key signing public key verification private key public key encryption cipher text plain text plain text decryption
- 17. key pair private key public key encryption decryption verifying signing
- 18. key pair private key public key
- 19. Photo by 五玄土 ORIENTO on Unsplash
- 20. user client server relying party authenticator authentication registration
- 21. registration
- 22. user client server (relying party) authenticator 🙏 register using passkey registration
- 23. user client server (relying party) authenticator get registration options 🙏 register using passkey
- 24. options + random challenge { R4n60M57r… } user client server (relying party) authenticator get registration options 🙏 register using passkey
- 25. client navigator.credentials.create( ) { R4n60M… } user server (RP) authenticator
- 26. client verify user navigator.credentials.create( ) { R4n60M… } user server (RP) authenticator
- 27. client verify user create key pair + sign challenge navigator.credentials.create( ) { R4n60M… } sig:R4n60M… credentialId user server (RP) authenticator
- 28. user client server (RP) authenticator sig:R4n60M… credentialId
- 29. user client server (RP) authenticator verify signature + store public key & credential sig:R4n60M… credentialId
- 30. user client server (RP) authenticator verify signature + store public key & credential passkey registered 🎉 sig:R4n60M… credentialId registration
- 31. authentication
- 32. user client server (RP) authenticator 🙏 sign in with passkey
- 33. user client server (RP) authenticator get authentication options 🙏 sign in with passkey
- 34. user client server (RP) authenticator get authentication options 🙏 sign in with passkey options + random challenge { o7Hr4N60m… }
- 35. user client server (RP) authenticator navigator.credentials.get( ) { o7Hr4N60m… }
- 36. user client server (RP) authenticator verify user navigator.credentials.get( ) { o7Hr4N60m… }
- 37. user client server (RP) authenticator verify user sign challenge + get credentials sig:o7Hr… credentialId navigator.credentials.get( ) { o7Hr4N60m… }
- 38. user client server (RP) authenticator sig:o7Hr… credentialId
- 39. user client server (RP) authenticator sig:o7Hr… credentialId verify signature + sign in
- 40. user client server (RP) authenticator signed in 🎉 sig:o7Hr… credentialId verify signature + sign in
- 41. owasp.org/API-Security/editions/2023/en/0x11-t10 Most critical web application security risks in 2023 Broken Object Level Authorization Broken Authentication
- 42. Photo by Moja Msanii on Unsplash p w n e d? have u been
- 43. Photo by Moja Msanii on Unsplash
- 45. user client server Relying Party authenticator edge compute
- 46. 291 Tbps global edge capacity Sep 2023 1.5 trillion requests served daily
- 50. Compute KV Store backend system origin public keys edge compute & state store
- 51. Code + Passkey resources zen-edge-auth.glitch.me DevOps Barcelona Chat devchat.edgecompute.app @doramilitaru fastly.com fastly.dev thank you ❤