Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.
Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.
The Ockam crate makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data.
We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application's messages don't have to be vulnerable at every point, along their journey, where a transport connection terminates.
Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.
It this talk we'll dig into how Ockam works and how you can use it in your application.
YOU MAY ALSO LIKE: