• Tokyo Headquarters+81 35-321-3111

Some parts of this page may be machine-translated.

 

[International Event Introduction] Jamstack Conf 2021 Security is the “s” in Jamstack by Maricris Bonzo

[International Event Introduction] Jamstack Conf 2021 Security is the “s” in Jamstack by Maricris Bonzo

This time, we will introduce the content of the presentation titled "Security is the 's' in Jamstack" from the "Jamstack Conference 2021"!

 

The "Jamstack Conference," which has over 10 years of history, is hosted by Netlify, the cloud computing company that created Jamstack. Developers from around the world gather to discuss the design and development of the latest websites based on the Jamstack concept. The presentations are in English, but this blog will introduce them in Japanese.

 

Table of Contents

The speaker this time is engineer Maricris Bonzo from a company called Magic.

 

We provide decentralized authentication services.

 

How can we ensure security in Jamstack?

 

They introduced four approaches for personal authentication.

Security-related Issues

It is common for users to log in and register personal information when using the system.

 

However, at the same time, you will face the following risks.

 

Service Provider

As the scale expands, the need and pressure to manage data properly increases.

[User Side]

How personal information is managed, concerns about data leakage. (I wonder how my data will be managed...)

 

How can we address this issue when using Jamstack?

Types of Authentication Methods

As a fundamental premise, there are two main types of authentication methods.

 

1. Centralized Authentication

Conventional authentication methods. It aggregates and manages users' personal information data.

 

It seems that terms such as centralized authentication, aggregated authentication, centralized authentication, and central authority authentication can be used in Japanese, but there is no fixed expression established.

 

This report will refer to it as "centralized authentication."

 

2. Decentralized Authentication

New authentication method. Each user manages their own personal data.

 

The term "decentralized authentication" is often used.

Four Approaches

This is the main topic.

 

Approach 1: Create a Centralized Authentication System

 

There are ways to use IDs and passwords, or to issue tokens.

 

The system has the advantage of being easy to create and customizable to suit various applications for managing data.

 

On the other hand, we cannot overlook the risks from the perspective of data management. Even when using libraries, it is extremely difficult to find reliable open source options.

 

Approach 2: Create a Custom Decentralized Authentication

 

To mitigate the risks of managing data in-house, the concept of decentralized authentication has emerged. Instead of the system managing data centrally, each user manages their own data.

 

Keep keys and certificates on your mobile phone and distribute them on the blockchain, presenting only the necessary data as needed.

 

However, creating it yourself can be quite challenging, and ensuring its reliability may also be difficult.

 

Approach 3: Outsourcing Centralized Authentication

 

This is a common method used today, which relies on authentication through other services using APIs.

 

This includes multi-factor authentication (MFA) and single sign-on (SSO).

 

This is an easy way to create sites with Jamstack.

 

The services provided by Auth0 and Firebase have high compatibility. The ability to quickly integrate them just by learning how to use the APIs of these providers is a major attraction.

 

However, regardless of which centralized authentication service is used, there is certainly a risk in having the data managed in a centralized manner. If that service goes down, it becomes unusable. Additionally, the number of people who feel resistance to not being able to manage their own data is likely to increase in the future.

 

Approach 4 Outsourcing Decentralized Authentication

In decentralized authentication services, instead of a user ID and password, a private key and public key managed by blockchain are provided.

 

The company Magic, where the speaker works, is a specialized service provider.

 

Those private and public keys are, so to speak, like a physical strengthening of traditional user IDs and passwords.

 

These keys generated by elliptic curve cryptography do not contain any personally identifiable information.

 

Therefore, it is also possible to migrate to and use other services.

 

The usage varies by service provider. Magic offers an API that can be used with plug-and-play (implementation is very easy!).

 

User information and data belong to the user. It can be said that this aligns with the thinking that will become a future trend.

 

However, being in a growth phase in a new field is both an advantage and a disadvantage.

 

There are still no established standards, and it varies widely among providers.

 

Additionally, you may feel that there are some limitations on what can be done since the authentication will be outsourced.

Comparison of Approaches

We have compared the four approaches introduced so far.

 

 

The result is that the third or fourth outsourcing approach is superior.

 

In addition, the points to consider were introduced as follows.

 

1. Ease of Developer Engagement

 

2. User Experience

 

3. Features Provided

 

4. Level of Support

 

5. Current and Future Costs

 

6. Stringency of Privacy and Security

 

7. Can users have sovereignty over their data?

Summary

The concept of decentralized authentication seems to be gradually gaining traction.

 

Microsoft

(https://www.microsoft.com/en-us/security/business/solutions/decentralized-identity)

NTT Data

(https://www.nttdata.com/jp/ja/data-insight/2020/122302/)

 

Recently, there has been a trend towards extreme tightening in the way personal information is managed.

 

Regulations such as the EU General Data Protection Regulation (GDPR) have become very strict, making it so that Yahoo Japan may no longer be accessible from Europe, and even Facebook may become unusable, among other things...

 

From this, there are advantages to a method of managing personal data that is decentralized and not involving others, as opposed to a method that aggregates personal information.

 

Additionally, obtaining authentication via API aligns with the design philosophy of Jamstack, and it can be said to be a good approach as it does not impose unnecessary responsibilities.

 

However, the reality is that there are few experienced individuals who have actually implemented it, making it difficult to find talent.

 

That is why touching on such methods early on may become a significant advantage in the future!

 

Thank you for reading until the end.

 

Human Science Co., Ltd. provides solutions for web content and platforms using a unique combination of "document production know-how" and "the latest web development technology (Jamstack)" that is not available from other companies.

 

If you are interested, please feel free to contact us here!

 

Human Science Co., Ltd.

https://www.science.co.jp/document/jamstack.html

 

Source of this document: https://www.youtube.com/watch?v=FFQctR6w11M

[jamstack_blog_tag]

Related Blog Posts

What are the benefits of Markdown? An explanation of the reasons for its adoption and usage examples
[Column] Creating a System for Manual Development to Reduce the Burden on Engineers
[Column] From Word to Web Manuals – Expanding Options with Jamstack
Features of the High-Performance Headless CMS 'Storyblok'
[Column] From Engineer Perspective to User Perspective – Creating Easy-to-Understand Manuals
[Column] Smart Manual Management with Jamstack! - Avoiding Security Risks -
Static Site Generator Guide for Beginners ①
[First Column] Can Human Science Build Jamstack? A Manual Production Company Shares Its Serious Thoughts.
[Overseas Event Introduction] Developing Fast at Scale: How to Maximize the Netlify Workflow
[International Event Introduction] Quantifying the Value of Modern Web Development
[Introduction to Overseas Events] The Jamstack and Your Data
[International Event Introduction] Headless vs Traditional eCommerce Platforms
[International Event Introduction] Developer Productivity Conference 2021 3 Productivity Hacks for Jamstack by Brian Rinaldi
[International Event Introduction] Jamstack Conf 2021 Security is the “s” in Jamstack by Maricris Bonzo
[International Event Introduction] Bet You Didn’t Think Your Browser Could do That by Monica Dinculescu
[Introduction to Overseas Events] The next generation of Jamstack is less JS! by Yang Zhang
[International Event Introduction] The Future of the Jamstack – Exciting Frameworks, Tools, and More with Cassidy Williams
[International Event Introduction] Speeding up Singapore’s COVID-19 response with the Jamstack by Kwa Jie Hao
[International Event Introduction] The COVID Tracking Project: 0 to 2M API Requests in 3 Months
Finanzchef24: Content Structure and Acquisition of Core Web Vitals
Advantages and Disadvantages of Serverless Architecture
[Introduction to Overseas Events] Jamstack is eating the world
Migration to Jamstack: A Case Study of Mambu
Reduce your online carbon emissions! How to create an eco-friendly website?
Jamstack & Nature: Reducing Carbon Dioxide Emissions by Charm Industrial
Optimize the DrSmile website to enable rapid execution of cutting-edge experiments
Case Study on 3x Performance Improvement for Emerging Dynamics' New Site
Stack Upgrade: Newfront Case Study
Editor-Friendly Jamstack Website: Armorblox Case Study
Build fast Progressive Web Applications (PWA) with Jamstack
Reasons Why Revamp Agency, Based in New York, Transitioned from WordPress Shop to Jamstack [Part 2]
Reasons Why Revamp Agency, Based in New York, Transitioned from WordPress Shop to Jamstack [Part 1]
Migration to Headless WordPress and Next.js by Backlinko [Part 2]
Migration from Backlinko's Headless WordPress to Next.js [Part 1]
Static Site Generator Guide for Beginners ④
Static Site Generator Guide for Beginners ③
What is a Static Site Generator?
Static Site Generator Guide for Beginners ②
Jamstack SEO Guide: Content SEO [Part 2]
Jamstack SEO Guide: Content SEO [Part 1]
Jamstack SEO Guide [Part 2]
Jamstack SEO Guide [Part 1]
Case Study: Radio Program Analysis App for the Swiss Federal Government Agency
Towards Better Education: Avenues Case Study
UN COVID-19 Response Creative Content Hub Case Study
What is Jamstack? [Part 2]
What is Jamstack? [Part 1]
Blog List
Jamstack Site Construction Support Service
Most Popular

For those who want to know more about manual production and instruction manual creation

Contact Us (Free)

Tokyo Headquarters: +81 35-321-3111

Reception hours: 9:30 AM to 5:00 PM JST

<path id="4"></path> Facebook <path id="14"></path> Twitter <path id="24"></path> LinkedIn

Return to the top of the page

Contact Us / Request for Materials