217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz
OAuth, SAML and OpenID Connect are the most important identity federation protocols in use today. Yet the many security architects struggle to express the differences between them. Front-channel, back-channel, assertion, JWT, claims, attributes, IDP, SP, OP, RP--there is a lot of jargon, and some of it seems to overlap. This compare / contrast session will help you understand the differences!
Many application security experts are making important decisions about which identity federation protocol to use for single sign-on for their next-generation application platform. There has been a lot of innovation in the area of identity federation in the last few years, and it's hard to keep up. It's really helpful if security architects can be presented with a summary of what's the same (or just re-named), what's different, and what's new. No assumptions will be made about previous expertise. Each protocol will be given a summary introduction, with references to the parts of the standard that are most commonly used, and which parts are esoteric. The security level of an application is impacted based on the protocol and features used. SAML, OpenID Connect and OAuth offer several profiles, enabling the implementation of both high and low assurance trust frameworks. This topic will also be addressed to help clarify which solutions are best suited for which requirements.
Видео 217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz канала LASCON
Many application security experts are making important decisions about which identity federation protocol to use for single sign-on for their next-generation application platform. There has been a lot of innovation in the area of identity federation in the last few years, and it's hard to keep up. It's really helpful if security architects can be presented with a summary of what's the same (or just re-named), what's different, and what's new. No assumptions will be made about previous expertise. Each protocol will be given a summary introduction, with references to the parts of the standard that are most commonly used, and which parts are esoteric. The security level of an application is impacted based on the protocol and features used. SAML, OpenID Connect and OAuth offer several profiles, enabling the implementation of both high and low assurance trust frameworks. This topic will also be addressed to help clarify which solutions are best suited for which requirements.
Видео 217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz канала LASCON
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
OAuth 2.0 and OpenID Connect (in plain English)
Introduction to SAML - Chalktalk on what is it, how it is used
SAML Overview
Identity and Access Management: Technical Overview
OAuth and OpenID Connect for Microservices
Intro to SAML: What, How and Why
SAML vs OAuth vs OIDC
Microservice Authentication and Authorization | Nic Jackson
Everything You Ever Wanted to Know About OAuth and OIDC
Single Sign On (SSO): Understanding Metadata File | SAML Request and Response
OAuth 2.0 and OpenID Connect in Plain English! - Nate Barbettini - PADNUG
OAuth 2.0 & OpenID Connect (OIDC): Technical Overview
OAuth 2.0: An Overview
Introduction to OAuth 2.0 and OpenID Connect • Philippe De Ryck • GOTO 2018
Demystifying SAML Using Spring Security
A Developer's Guide to SAML
An Illustrated Guide to OAuth and OpenID Connect
SAML From A Hackers Perspective - Part 2 Analyzing SAML Flow
SAML 2.0: Technical Overview
OAuth Grant Types