How to get along with HATEOAS without letting the bad guys steal your lunch?

Track: Security
Abstract

It’s a cool idea - decouple the client from the server and let the application tell the client what it can do dynamically. This approach should allow much more flexibility and resilience as the client and server can evolve separately. Unfortunately, the HATEOAS approach can be a free lunch for cybercriminals unless you understand the simple steps needed to secure your design.

Steve Poole

Steve Poole is a Developer Advocate, DevOps practitioner and a long-time IBM Java developer, leader and evangelist. He’s been working on Java SDKs and JVMs since Java was less than one year old.

Graham Charters

Graham is a (fairly ancient) Architect and IBM Senior Technical Staff Member now focusing on developer advocacy for Open Liberty at IBM’s R&D Laboratory in Hursley, UK. He takes a keen interest in emerging technologies and practices and in particular programming models. His past exploits include establishing and contributing to open source projects at PHP and Apache and participation in, and leading, industry standards.