Minor docs updates

Signed-off-by: Alex Ellis (VMware) <[email protected]>

Author: alexellis

docs/reference/authentication.md

@@ -12,7 +12,7 @@ These APIs exist at:
 
 We recommend using basic authentication and a strong password to protect the `/system/` route, but it is not the only option. If you prefer you can use a reverse proxy project such as [Kong](https://getkong.org/docs/) to enable OAuth or a similar strategy.
 
-The API Gateway as of version 0.8.2 provides built-in basic authentication. To use it set the environmental variable `basic_auth` to true. Then create two secrets named `basic-auth-user` and `basic-auth-password`.
+The API Gateway as of version 0.8.2 provides built-in basic authentication. To use it set the environmental variable `basic_auth` to `true`. Then create two secrets named `basic-auth-user` and `basic-auth-password`.
 
 Once basic authentication is enabled you will need to use `faas-cli login` before using the CLI.
 
@@ -26,3 +26,5 @@ Functions are exposed at:
 Functions exposed on OpenFaaS often do not need to have authentication enabled, this is because they may be responding to webhooks from an external system such as GitHub or Patreon. Neither GitHub, nor Patreon will support authenticating with OAuth or basic authentication strategies, but rely on HMAC.
 
 HMAC involves a shared symmetric secret - both parties store the key securely. The sender computes a hash of the body of the request with their symmetric key and sends this data to the receiver along with the hash value in the HTTP header. The receiver then computes a hash of the body with their copy of the key and checks that this matches what the sender supplied in the HTTP header. See the reference on [secrets](./secrets.md) for a walk-through on using secret values with functions.
+
+See also: [Lab 11: Enabling trust with HMAC](https://github.com/openfaas/workshop/blob/master/lab11.md) from the OpenFaaS workshop.

docs/reference/workloads.md

@@ -36,6 +36,6 @@ Custom binaries can also be used as a function. Just use the `dockerfile` langua
 
 A stateless microservice can be built using the `dockerfile` language type and the OpenFaaS CLI - or by building a custom Docker image which serves traffic on port `8080` and deploying that via the RESTful API, CLI or UI.
 
-An example of a stateless microservice may be an Express.js & Node.js app, a Sinatra Ruby app or an ASP.NET 2.0 site.
+An example of a stateless microservice may be an Express.js application using Node.js, a Sinatra app with Ruby or an ASP.NET 2.0 Core web-site.
 
 Use of the [OpenFaaS next-gen of-watchdog](https://github.com/openfaas-incubator/of-watchdog) is optional, but recommended for stateless microservices to provide a consistent experience for timeouts, logging and configuration.