Speaker Details

Sergey Beryozkin
Red Hat

Sergey Beryozkin is a member of the Quarkus Security team where he is busy dealing with various security issues alongside his colleagues. His primary expertise is in OpenId Connect and JSON Web Token (JWT) security. He was and is still involved in the Eclipse MicroProfile JWT specification work. Before rejoining Red Hat, he was an Apache Software Foundation (ASF) CXF JAX-RS (Java API for RESTful Web Services) implementation and security support project lead for many years, when he also became a committer in several other ASF projects such as Apache Tika. He is interested in how distributed software systems can interoperate. He has lived in Dublin, Ireland for a quarter of a century, is an aspiring cyclist, a keen walker and club chess player.

In this session, we will introduce Quarkus and Quarkus Security Architecture and explain how it can help solve real world security requirements with Developer Joy remaining a Priority for the Quarkus Security team. We will show how you can develop and test services secured with OpenId Connect in Dev mode. You will learn how to customize a verified security identity, how to use both role and permission based access control, and combine multiple authentication mechanisms with annotations. You will be introduced to one of the most compact ways of generating signed, encrypted or both inner-signed and encrypted JSON Web Tokens, currently available to Quarkus but also SmallRye JWT users. We will finish the session with a demo showing how you can authenticate users with multiple OpenId Connect (OIDC) and OAuth2 providers with a simple configuration only, with many tricky provider specific requirements taken care of under the hood automatically, explain how many different OIDC tenant resolution policies work in Quarkus allowing users build the most complex OIDC provider combinations, and more. Hopefully you will agree after this talk that working with security in Quarkus is the new cool.

More

Searching for speaker images...