Welcome to another edition of the JBoss Weekly Editorial where we bring you up to speed with all that has been happening across the JBoss Communities.
Is Oauth2 secure enough ?
This week, we have debated a lot around Oauth2 after the publication of this post "Introducing TAuth: Why OAuth 2.0 is bad for banking APIs and how we're fixing it". This article suggests that OAuth2 is broken because client authentication is not strong enough. But as mentioned by Stian Thorgersen, there is nothing which prevent to authenticate the client using just an id and secret but any http based authentication mechanism (Basic, Digest) is permitted. Moreover, it is important when the architect designs the solution that he/she reviews the different possibilities offered to reenforce the security of the platform like mutual TLS, Token Expiration, Token introspection to intercept and revoke the client if required. Oauth2 like TLS and SSL are sometimes complex to use or to position correctly within a project and this is the reason why we are working hard to develop the project Keycloak in order to simplify the management of such SSO Architecture !
Evangelist's Corner
- Healthcare Demo by Christina Lin using Camel, HLT Dataformat & Mciroservices technology
- When JRubyFx meets Hawkular and help to design the GUI by Heiko Rupp
- Setup a Vacation Request Process using jBPM by Eric Schabell
Conferences, Events
Don't miss these incoming events where our fabulous coders will talk about :
- Infinispan at GeeCon 2016
- Camel, Microservices, Fabric8, Security, Apiman, Vert.x at JBCNConf 2016
- OpenShift, Mobile, Push Notification, HTTP/2, CDI at RivieraJUG 2016
Releases, release, releases ....
I hope this week's editorial has provided you with something of interest, please join us again next week when we will bring you more news from JBoss and the JBoss Communities.
Comments