Security

Let’s say you’re developing a SOA application. The user interface is a website that needs to be accessible from the public internet. You are using service composition in the UI, so you have JavaScript components from each service deployed in the UI. These components talk to their corresponding Web API over HTTP. Since the Web APIs are public facing, they sit in the DMZ, so you need to secure them. In this blog post series I’d like to give a high-level overview of the de facto standard for authorization – OAuth 2.0 – and the emerging standard for federated authentication – OpenID Connect.

Authentication & Authorization

First, let’s define what authentication and authorization mean:

Authentication is the process in which we validate that someone is who they claim to be. Usually you can authenticate by providing at least one of the following factors:

  • something you know – a password or a PIN
  • something you have – a certificate or an RSA token
  • something you are – a fingerprint

Authorization is the process through which we check the permissions that someone has. Although this can be modeled in multiple ways, it can be viewed as a matrix with subjects as rows, resources as columns and the permitted actions in the cells.

OAuth 2.0

If we’re talking about API authorization, we also need to discuss the delegated access model. The end user delegates access to his resources hosted on the web API to the client – the website. If we don’t want to pass the user’s credentials to the client and the APIs, then OAuth is a good choice. OAuth is an authorization protocol that can be used to grant third-party apps limited access to private resources.

Uncategorized

When I first thought of blogging, it was for two reasons: having an activity log and learning more quickly (and thoroughly).

Activity Log

Like any other developer, I often face new and interesting problems. Also, like many other developers, I face the same “new” problems again and again and have to rediscover the solutions because I forgot either the solution, or the reasoning behind it. A personal blog would be a perfect place to keep track of problems and their solutions. And if other people can benefit from this, hey, that’s a big plus.

Learning

The second reason (and probably the most important) is learning. In the last 6 months I have been thinking a lot about learning. The way I learn is pretty common: grab a book and read it cover-to-cover. The thing is, there’s a limited number of books that you can read this way. Also, if I don’t exercise what I learn immediately, I forget most of the book in a couple of months.

In my search for how to improve my learning process, I’ve found the 10 Steps To Learn Anything Quickly guide from simpleprogrammer.com. Although I was a bit skeptical at first (since the website is a bit heavy on marketing), I decided to give it a try and I can say I don’t regret it one bit. The guide is to the point and provides great examples of how to improve the way you learn.

Anyway, one of the 10 steps is teaching what you learn and it makes a lot of sense: every time I had to teach something, I gained a lot out of the experience. You can do this step in multiple ways: talk with someone, do a tutorial, deliver a presentation or you could start…

Blogging

Writing a good blog post on a topic should force you to fill any knowledge gaps and find a good way of organizing the information.

Even better, when I bought the 10 steps package, I received a blogging course workbook, which led me to the How To Build A Blog That Will Boost Your Career free email course. This was just the impulse that I needed in order to start blogging – a course which takes you step by step through writing your first blog post. The course is well paced, having 6 lessons in 3 weeks, so there’s enough time to let the information sink in until the next lesson. Every part is straightforward and full of good advice, and just to be sure you stick to the course, there is homework at the end of each lesson.

My favorite homework on this course was having to come up with 50 (yes, 50!) blog post ideas. Although it seemed quite daunting at first, after about 30 minutes, ideas really started flowing. I guess this homework really hit the nail on the head – coming up with post ideas might not be as difficult as you may think. Of course, there is a long road from post idea to blog post and it does require commitment, but coming up with ideas is half the battle.

If you want to start blogging, I really recommend this course.

So this is it – this blog will help me remember more, learn more, share more. Check back soon!