Stateless Authentication using JWT (JSON Web Token)

Currently I am working on an implementation of authentication and authorization using Spring Boot, Spring Security, OAuth 2.0 and JSON Web Tokens (JWT). To get a good understanding of these topics I found several talks that I’m going to list here.

“100% Stateless with JWT (JSON Web Token)” by Hubert Sablonnière. I found it very useful for getting a better understanding of how to use JWTs to create a really stateless authentication architecture.


There is another interesting talk on Stateless authentication with OAuth 2 and JWT by Alvaro Sanchez-Mariscal.


This post will be updated as I find new resources.

Public Key Infrastructure (PKI) – Secure Key Exchange – [video]

In public key infrastructures a common problem is that both communication partners need to have the same key in order to communicate securely (to encrypt and decrypt messages properly). The question is how, in practice, a secret key can be shared over an untrusted channel such as the internet. The solution is to use asymmetric methods (public and private keys) to exchange the secret key securely. In the following video Professor Christopher M. Bishop (Distinguished Scientist at Microsoft Research Cambridge) explains this method in a handy and understandable way to a group of children.

[youtube U62S8SchxX4]

The blue key in the video represents the secret (shared secret). The red key of Andy is his private key and the green key is the private key of Christopher. I guess the public keys are omitted in the video for didactic reasons. But the video demonstrates the key exchange in an easy-to-understand manner.
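The exchange described above, as an added Java example (not code from the original post or the video): Andy creates the shared secret and wraps it with Christopher's public key, and Christopher unwraps it with his private key. RSA-OAEP key wrapping and AES-GCM are assumptions chosen here as one concrete asymmetric method, since the post does not name an algorithm; the class name KeyExchangeDemo is hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;

public class KeyExchangeDemo {
    // OAEP with SHA-256 for both the label hash and MGF1, stated explicitly so both sides agree.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static final String RSA = "RSA/ECB/OAEPPadding";

    public static void main(String[] args) throws Exception {
        // Christopher: generates a key pair; only the public half ever leaves his machine.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair christopher = kpg.generateKeyPair();

        // Andy: creates the shared secret (AES-256) and wraps it with Christopher's public key.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey shared = kg.generateKey();
        Cipher wrap = Cipher.getInstance(RSA);
        wrap.init(Cipher.WRAP_MODE, christopher.getPublic(), OAEP);
        byte[] wrappedKey = wrap.wrap(shared); // safe to send over the untrusted channel

        // Andy: encrypts a message under the shared secret with AES-GCM and a fresh 96-bit nonce.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, shared, new GCMParameterSpec(128, iv));
        byte[] ciphertext = enc.doFinal("constructed sample message".getBytes(StandardCharsets.UTF_8));

        // Christopher: unwraps the secret with his private key, then decrypts and authenticates.
        Cipher unwrap = Cipher.getInstance(RSA);
        unwrap.init(Cipher.UNWRAP_MODE, christopher.getPrivate(), OAEP);
        SecretKey recovered = (SecretKey) unwrap.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```

The exchange is only as trustworthy as Andy's copy of Christopher's public key; binding that key to an identity is the job of the certificates in a PKI.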


Nobody Can Stop Facebook Because Nobody Understands Facebook

Mashable has just published a post titled “Nobody Can Stop Facebook Because Nobody Understands Facebook”. There is an interesting sentence in this post:

Have the nuances of online privacy become so complex that they’re beyond the comprehension of mere mortals? I’m not saying that Facebook has any intent to cause confusion, but the complexities of the open vs closed debate and the prescriptive vs descriptive nature of the “everybody” setting effectively act to shut down public discourse.

I agree that it has not become easier to control privacy, especially in the scope of Facebook. I do not really know which of the data I publish on Facebook stays there; do you know? Actually, when posting on Facebook I keep in mind that everything I provide is for anybody to use. You should also keep this in mind when you act on Facebook.


“The Age of Privacy is Over” says Facebook’s CEO Mark Zuckerberg

In a six-minute on-stage interview with TechCrunch founder Michael Arrington, Facebook CEO Mark Zuckerberg states that if he were to start Facebook again, all privacy settings would be PUBLIC by DEFAULT. A very interesting approach, which leads to the question of whether people want all of their data to be publicly available. I personally do not.

Here is the interview of Zuckerberg:


100 eLearning Articles and White Papers

I have found a great collection of 100 eLearning articles and white papers through dontwasteyourtime. The full list of articles can be found at Dr. Tony Karrer’s weblog called elearningtech.

(via cristinacost’s tweet)
