BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.cloud-native.rejekts.io//cloud-native-rejekts-europe
 -london-2025//XB7EUR
BEGIN:VTIMEZONE
TZID:GMT
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:GMT
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T020000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:BST
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-cloud-native-rejekts-europe-london-2025-U99JU3@cfp.cloud-native
 .rejekts.io
DTSTART;TZID=GMT:20250330T151000
DTEND;TZID=GMT:20250330T154000
DESCRIPTION:OpenID Connect (OIDC) and mutual TLS are popular authentication
  mechanisms used widely in cloud native environments\, and commonly as a b
 asis for workload identity in SPIFFE. However\, OIDC tokens are prone to i
 nterception\, replay\, and forwarding attacks and are unable to guarantee 
 end-to-end request authenticity. Mutual TLS solves those problems at the t
 ransport layer\, but is rarely used in browsers\, and seldom fully end-to-
 end in microservices-oriented systems. HTTP Message Signatures is a new IE
 TF specification that aims to solve credential replay\, forwarding and end
 -to-end integrity attacks\, and be broadly deployable. \n\nThis talk intro
 duces the audience to HTTP Message Signatures and demonstrates its securit
 y benefits to authentication in cloud native\, microservice-oriented\, sys
 tems. Further\, we’ll cover how the use of smart caching and replication
  allows this protocol to scale to millions of requests per second\, and ho
 w this could be integrated with SPIFFE.
DTSTAMP:20260412T094036Z
LOCATION:The Nash
SUMMARY:End to End Message Authenticity in Cloud Native Systems - Lucas Kä
 ldström\, Micah Hausler
URL:https://cfp.cloud-native.rejekts.io/cloud-native-rejekts-europe-london-
 2025/talk/U99JU3/
END:VEVENT
END:VCALENDAR