
O'Reilly's Automating Security in the Cloud

Issue link: https://resources.threatstack.com/i/872576


commands that you issue are signed by your access keys, which you can either pass with the command or store as configuration settings on your computer.

REST API—REST's client-server separation of concerns simplifies component implementation, reduces the complexity of connector semantics, improves the effectiveness of performance tuning, and increases the scalability of pure server components. Layered system constraints allow intermediaries—proxies, gateways, and firewalls—to be introduced at various points in the communication without changing the interfaces between components, thus allowing them to assist in communication translation or improve performance via large-scale, shared caching. REST enables intermediate processing by constraining messages to be self-descriptive. Interaction is stateless between requests. Standard methods and media types are used to indicate semantics and exchange information, and responses explicitly indicate cacheability.

FIDO U2F (Universal 2nd Factor) - U2F is an open authentication standard that enables internet users to securely access any number of online services with a single device, instantly, and with no drivers or client software needed. U2F was created by Google and Yubico, with support from NXP, with the vision to take strong public key crypto to the mass market. Today, the technical specifications are hosted by the open-authentication industry consortium known as the FIDO Alliance. U2F has been successfully deployed by large-scale services, including Gmail, Dropbox, GitHub, Salesforce.com, the UK government, and many more.

U2F Advantages

Strong security — Strong two-factor authentication, using public key crypto that protects against phishing, session hijacking, man-in-the-middle, and malware attacks.

Easy to use — Works out-of-the-box thanks to native support in platforms and browsers (starting with Chrome and Opera, with Mozilla coming in 2017), enabling instant authentication to any number of services. No codes to type or drivers to install.

High privacy — Allows users to choose, own, and control their online identity. Each user can also opt to have multiple identities, including anonymous (no personal information associated with the identity). A U2F device generates a new pair of keys for every service, and only the service stores the public key. With this approach, no secrets are shared between service providers, and even low-cost U2F devices can support any number of services.

Multiple choices — Open standards provide flexibility and product choice. Designed for existing phones and computers, for many authentication modalities (keychain devices, for integration directly into computing devices, etc.), and with different communication methods (USB, NFC, Bluetooth).

Identity & Access Management (IAM) | 13
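The per-service key pairs and the phishing resistance described under U2F Advantages can be seen in a simplified model. This is an added example, not code from the report: the `Token` class, `verifyAssertion`, `demo` and the `*.example` origins are hypothetical, and key handles, the signature counter and attestation are left out.

```javascript
// Simplified U2F model (added example; names below are hypothetical).
const crypto = require("node:crypto");
const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Stand-in for a hardware token: one P-256 key pair per service (appId).
class Token {
  constructor() { this.keys = new Map(); }
  register(appId) {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(appId, privateKey); // private key stays on the token
    return publicKey.export({ type: "spki", format: "pem" });
  }
  // The browser, not the page, supplies the origin that gets signed.
  sign(appId, origin, challenge) {
    const key = this.keys.get(appId);
    if (!key) return null; // no credential for this service
    const clientData = JSON.stringify({ origin, challenge });
    const msg = Buffer.concat([sha256(appId), sha256(clientData)]);
    return { clientData, signature: crypto.sign("sha256", msg, key) };
  }
}

// Relying-party check: our origin, our fresh challenge, valid signature.
function verifyAssertion(rp, challenge, assertion) {
  if (!assertion) return false;
  const { origin, challenge: signed } = JSON.parse(assertion.clientData);
  if (origin !== rp.origin || signed !== challenge) return false;
  const msg = Buffer.concat([sha256(rp.appId), sha256(assertion.clientData)]);
  return crypto.verify("sha256", msg, rp.publicKey, assertion.signature);
}

function demo() {
  const token = new Token();
  const siteA = { appId: "https://a.example", origin: "https://a.example" };
  const siteB = { appId: "https://b.example", origin: "https://b.example" };
  siteA.publicKey = token.register(siteA.appId); // service stores only this
  siteB.publicKey = token.register(siteB.appId);
  const challenge = crypto.randomBytes(32).toString("base64");
  const good = token.sign(siteA.appId, siteA.origin, challenge);
  // Constructed case: the signed origin is not site A's own origin.
  const relayed = token.sign(siteA.appId, "https://a-login.example", challenge);
  return {
    distinctKeys: siteA.publicKey !== siteB.publicKey,
    legit: verifyAssertion(siteA, challenge, good),
    relayedRejected: !verifyAssertion(siteA, challenge, relayed),
    crossSiteRejected: !verifyAssertion(siteB, challenge, good),
  };
}
```

Because the signed client data carries the origin the browser saw, the service rejects an assertion produced on any other origin, and a key registered with one service is useless at another.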
