In this Hoot, we'll look at JWT and mTLS for service-to-service authentication. The two approaches look similar, but implementing them is not straightforward. If we want to implement mTLS for service-to-service authentication, we have to solve the problems around certificate management. Ideally, we want short-lived certificates, which involve frequently rotating certificates across all deployments, and that alone makes implementing it a daunting task.
This might make JWT look like a better option and easier to implement. We've been hearing about centralizing functionality into API gateways, so individual services don't have to worry about it. When thinking about implementing JWTs for service-to-service authentication, we're undoing this centralization and moving functionality back into services. It's clear that JWT has its own problems, and it's not a good fit for service-to-service authentication, especially when we know better options are available.
Many enterprises are now considering service meshes for securing service communication. Istio service mesh is stable, mature, and available and implements mTLS for service authentication.
Join Christian Posta and Peter Jausovec in this live stream, where they'll look at the different scenarios and issues with using JWT in service authentication and show how Istio with mTLS is a better option for many enterprises.