JJ Philipp

Roadblock Title:

How to Propagate Identity Across Every Service for Zero-Trust and Observability

Time:

Wednesday - 2 PM (Windows)

Abstract:

In many systems, the “who” (authentication) is stripped away at the gateway, leaving internal services to rely on blind trust. By using signed token contexts. We ensure that every HTTP call, gRPC request, event, and application path carries the original user’s intent and identity for observability and auditability. We will demonstrate how Moov implements this to ensure that a developer viewing a trace in Honeycomb today and Lookback tomorrow sees the complete context required to view the user’s intent.

Bio:

Principal engineer, chief chaos monkey, and lead DDoS orchestrator at Moov, focusing on event-driven architectures, observability, scale, and auth systems. Outside of work, I’m working (work can be one of my too many hobbies, right?!). Otherwise, I’m getting Aroo-roo’d by a husky/malamute named Leia, drinking around the world at Epcot, and collecting far too many tiki mugs and Star Wars figures. Will work for bourbon and barbecue.