Speaker details

Mercedes Wyss


CTO, Oracle Groundbreaker Ambassador and Auth0 Ambassador, Duke’s Choice Award in Educational Outreach. Mercedes Wyss is a software engineer with more than eight years of experience in backend, frontend and Android development using Java, Kotlin and Python. Currently, she is CTO at Produactivity, a startup based in Guatemala. She is focusing on increasing women’s participation in STEAM by running a JDuchess Chapter in Guatemala, which one she organizes a STEAM Women Day Conference and She Does STEAM Webinars, she is the leader of a Google Developers Collective (Devs+502). She also is a Mozilla Guatemala and Mozilla Hispano communities member , and Co-Leader of Women in Data Guatemala City and PyLadies Guatemala City. She was previously organizing meetings in Guatemala Java Users Group from 2012 to 2016.

Keeping Safe Your Server to Server Communications


The rise of microservices has reached an impressive point of maturity. We have all traveled a very interesting way to learn about new tools, frameworks, design patterns and strategies that have forced us to think out of the box to embrace this architecture. One of the challenges is choosing how our microservices will communicate? choreography or orchestration. Another of the challenges is to reduce the risk between those communications and adding a security layer.

We are facing scenarios such as communications between two microservices in the same trust domain of between two or multiple trust domains. How to ensure that a microservices has access to another? We also can have communications between synchronously or asynchronously microservices, for the first ones the communication is given over HTTP, but the seconds the communication can be given over any kind of messaging system.

In this talk, we will cover some points to solve those challenges. Starting with the authentication and authorization in server-to-server communications, propagating identity information between microservices and handling communications between different trust domains. Then we will discuss how to secure synchronous communications with certificates, JWTs or over gRPC. Finally, we will talk about messaging systems such as RabbitMQ, Kafka, ActiveMQ for secure asynchronous communications.

Scheduled on Friday from 16:45 to 17:35 in Stream 2

Security Best Practices
API Gateway
Microservices Architectures
Event-Driven Microservices