Hans Zandbelt

CTO; ZmartZone IAM
Hans Zandbelt is CTO and IAM Architect at ZmartZone IAM. He holds an MSc. degree in Computer Science, Tele-Informatics and Open Systems from Twente University (1993). He has over 25 years of experience as a technical leader in research and innovation projects, including digital identity initiatives. In 2011 he joined Ping Identity as an expert on Single Sign-On, Cloud Identity & Access Management and large-scale deployment of federation technology, representing the CTO Office in Europe. In 2017 he founded ZmartZone IAM to provide Identity & Access Management consultancy and to contribute to standards and open source development in the broader field of IAM. He is the technical team leader for the OpenID Connect Certification program of the OpenID Foundation.

Hans's Session


Wednesday, June 26
2:00 - 2:50 pm
Jefferson
Deploy OpenID Connect and OAuth 2.0 with a Reverse Proxy Architecture
This session will present architectural patterns for integrating support for OpenID Connect and OAuth 2.0 into your service infrastructure using a reverse proxy (RP). We will go over a number of options for doing so and highlight advantages and disadvantages of outsourcing authentication and authorization functionality to a RP in a pattern similar to offloading SSL to a (or the same) RP. The session will describe how a reverse proxy may be configured and deployed to handle OpenID Connect Relying Party functionality to sign on users to browser-facing services using a standardized federated SSO protocol. In addition, it will provide detail on deploying OAuth 2.0 Resource Server functionality as part of a reverse proxy in front of REST-based APIs. It will then present options for how applications and APIs can securely consume the information that is processed by the RP sitting in front of the protected resources. We will also take a deeper look at implementation options using Apache HTTPd with mod_auth_openidc and NGINX with the lua-resty-openidc plugin, as well as a brief overview of the implementation of this pattern in the Amazon Application Load Balancer (ALB) service.
