A How to Guide to Security in the PAAS Cloud

A session at SpringOne 2GX 2015

Wednesday 16th September, 2015

4:30pm to 6:00pm (EST)

Cloud Native Track
Slides: http://www.slideshare.net/Spring...
Most developers still deal with application security issues in isolation, without understanding the security of the ""full stack"". As a result, security is sometimes inconsistent, and can be seen as a barrier to moving applications to the cloud. The session will examine the security of a typical Java Web application in an enterprise deployment. We will then look at what needs to change when that secure Java application is “forklifted” into Cloud Foundry. Finally, we will look at the benefits of adopting cloud native security protocols, such as OAuth2 and SAML2. The journey will cover 5 common application security architecture patterns taken from real world customer problems. We will compare how the security integration patterns differ between a standalone application and a cloud native application. From legacy enterprise identity management integration to security for microservices, this technical session includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality controls using Spring and Cloud Foundry. We have all heard of the idea of the “Full Stack” developer — someone who can understand the application up and down the whole stack. The goal of this session is to describe the full security stack and show how it differs between standalone deployments and a PAAS deployment.

About the speakers

This person is speaking at this event.
John Field

Been doing computer security since long before it was fashionable... bio from Twitter

This person is speaking at this event.
Shawn McKinney

Software architect, open source IAM evangelist, Java/LDAP code monkey and cycling enthusiast bio from Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Time 4:30pm6:00pm EST

Date Wed 16th September 2015

Short URL


Official event site


View the schedule


See something wrong?

Report an issue with this session