Currently I am working on an implementation of authentication and authorization using Spring Boot, Spring Security, OAuth 2.0 and JSON Web Tokens (JWT). In order to get a good understanding of these topics I found several talks that I’m going to list here.
“100% Stateless with JWT (JSON Web Token)” by Hubert Sablonnière. I found it very useful for getting a better understanding of how to use JWTs to create a really stateless authentication architecture.
There is another interesting talk on Stateless authentication with OAuth 2 and JWT by Alvaro Sanchez-Mariscal.
This post will be updated as I find new resources.
A common problem is that both communication partners have to have the same key in order to communicate in a secure way (to encrypt and decrypt messages properly). The question is how it is practically possible to share a secret key over an untrusted channel such as the internet. The solution is the use of asymmetric methods (public and private keys) in order to exchange the secret key in a secure way. In the following video Professor Christopher M. Bishop (Distinguished Scientist at Microsoft Research Cambridge) explains this method in a handy and understandable way to a group of children.
The blue key in the video represents the secret (shared secret). The red key of Andy is his private key and the green key is the private key of Christopher. I guess the public keys are omitted in the video for didactic reasons. But the video demonstrates the key exchange in an easy-to-understand manner.
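An added example, not from the original post: the page does not name the protocol shown in the video, so this sketch uses Diffie-Hellman key agreement as one asymmetric way for Andy and Christopher to arrive at the same secret while only public values cross the untrusted channel. The group parameters `P` and `G` and all function names are assumptions of this example, chosen for illustration only.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption of this example): the prime
# 2**255 - 19 with generator 2. Real systems use X25519 or a standardized group.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public); only the public value is ever sent."""
    private = secrets.randbelow(P - 3) + 2      # uniform in 2 .. P-2
    return private, pow(G, private, P)


def shared_key(own_private, peer_public):
    """Combine our private key with the peer's public value into a 32-byte key."""
    # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
    if not 2 <= peer_public <= P - 2:
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, own_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def exchange():
    """Run one exchange; return both derived keys and what the channel carried."""
    andy_priv, andy_pub = keypair()
    chris_priv, chris_pub = keypair()
    on_the_wire = (andy_pub, chris_pub)         # all an eavesdropper observes
    return (shared_key(andy_priv, chris_pub),
            shared_key(chris_priv, andy_pub),
            on_the_wire)


if __name__ == "__main__":
    k_andy, k_chris, wire = exchange()
    assert k_andy == k_chris                    # both sides hold the same key
    # The shared key can now protect messages, here with an HMAC tag.
    tag = hmac.new(k_andy, b"hello", hashlib.sha256).hexdigest()
    print("keys match; HMAC tag under shared key:", tag)
```

The exchange is unauthenticated: in practice each side must also verify who sent the public value (for example with a signature or certificate), and real systems use X25519 or a standardized group rather than these toy parameters.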
Mashable has just published a post titled “Nobody Can Stop Facebook Because Nobody Understands Facebook”. There is an interesting sentence in this post:
Have the nuances of online privacy become so complex that they’re beyond the comprehension of mere mortals? I’m not saying that Facebook has any intent to cause confusion, but the complexities of the open vs closed debate and the prescriptive vs descriptive nature of the “everybody” setting effectively act to shut down public discourse.
I agree that it has not become easier to control privacy, especially in the scope of Facebook. I do not really know which of the data that I publish on Facebook stays there; do you know? Actually, when posting on Facebook I keep in mind that everything that I provide is for anybody to use. You should also keep this in mind when you act on Facebook.
Other interesting articles:
- Facebook Personalizes the Web with Open Graph (michaelfertik.com)
- How to Restore Your Privacy on Facebook (e1evation.com)
- What data does Facebook publish about you? (boingboing.net)
- Facebook privacy hole ‘lets you see where strangers plan to go’ (Charles Arthur/Guardian) (techmeme.com)
- More Facebook Privacy Concerns (lockergnome.com)
In a six-minute on-stage interview with TechCrunch founder Michael Arrington, Facebook CEO Mark Zuckerberg states that if he were to start Facebook again, all privacy settings would by DEFAULT be PUBLIC. A very interesting approach, which leads to the question of whether people want all of their data to be publicly available. I personally do not.
Here is the interview of Zuckerberg:
Related articles by Zemanta
- Facebook’s Zuckerberg Says The Age of Privacy is Over (readwriteweb.com)
- An updated guide to Facebook privacy: December 2009 edition (arstechnica.com)