With the rise of micro-services, REST communication is more popular than ever. But the communication between the different parts must also be performed in a secure way.
First, we need to know if the user or system is allowed to call the JAX-RS endpoint. For this authentication part, self-contained tokens are the best option to not overload any of our services in the system. JWT which contains the authentication but also can contain the authorization info is ideal for this use-case.
And secondly, we need guarantees that the message isn't altered, that we can have message integrity. For that part, we can use signatures as specified in the HTTP signature draft specification.
Besides the concepts, the presentation will use various code examples to show the theory in action.