Speaker

Dmitry Telegin


Principal backend engineer at Backbase, open-source IAM expert, IETF contributor

Cardiff, United Kingdom


In 2001, Dmitry graduated from the Lomonosov Moscow State University and began his career as a Java developer, eventually becoming a Java enterprise architect.
In 2017, he began his open-source IAM journey, gaining expertise in Keycloak and becoming a project contributor.
In 2019, he joined Backbase as a backend engineer and a Keycloak/IAM expert.
In 2022, Dmitry started participating in the IETF process and contributed to several specifications being discussed at the OAuth Working Group.

Area of Expertise

  • Information & Communications Technology

Topics

  • Jakarta EE
  • Keycloak
  • OAuth2
  • OpenID Connect
  • IAM
  • Enterprise Java / Jakarta EE

Securing workloads with Transaction Tokens and Minicloak

In modern computing architectures that involve multiple independent workloads and follow the zero trust model, calls between workloads must be properly authenticated and authorized. SPIFFE/SPIRE solves the authentication part; however, it does not take into account the request context and other dynamic data.

A new Internet-Draft called Transaction Tokens, which addresses the authorization part, has been adopted by the IETF OAuth Working Group. A transaction token is a short-lived, cryptographically signed, request-specific token obtained from the new Transaction Token Service in exchange for the external OAuth/OIDC access token and other context-dependent data. The token is then included in every inter-workload call, which guarantees that only non-spurious calls between the workloads can take place. In this talk, attendees will learn how Transaction Tokens work, how they help make the internal perimeter more secure, how we implemented this upcoming specification using a customized version of Keycloak, what challenges we faced, and how we solved them.
