chapter two

2 Standards for implementing authentication


This chapter covers

  • Analyzing customer, employee, and partner preferences for authentication
  • Discussing standards to enable secure user authentication
  • Identifying the technologies for securing sensitive application credentials

All applications, whether a million-line monolith or a thousand-line microservice, must solve various security problems, including the following four:

  • Securing communication channels
  • User authentication and authorization
  • Handling sensitive credentials such as API keys required to access external services
  • Running the application securely in a cloud environment or on premise

We’ll explore how to secure communication channels with Transport Layer Security (TLS) in detail in chapter 10, basically locking the door to your data so no one sneaks in. But what good is a locked door if you’re handing out keys to just anyone? That’s where authentication comes in.

Now, we’ll dive into the tools and methods for solving authentication challenges. Why? Because you need to make sure the person knocking at your app's front door isn't an attacker in disguise, or worse, your ex trying to get into your Netflix account.

2.1 Logging users in

2.1.1 Customer authentication

2.1.2 Employee authentication

2.1.3 Partner authentication

2.1.4 Phishing-resistant authentication

2.1.5 Authentication technology from a developer’s perspective

2.1.6 Exercises

2.2 Securing application credentials

2.2.1 Exercises

2.3 Exercise Answers

2.4 Summary