217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz
OAuth, SAML and OpenID Connect are the most important identity federation protocols in use today. Yet many security architects struggle to express the differences between them. Front-channel, back-channel, assertion, JWT, claims, attributes, IDP, SP, OP, RP--there is a lot of jargon, and some of it seems to overlap. This compare / contrast session will help you understand the differences!
Many application security experts are making important decisions about which identity federation protocol to use for single sign-on for their next-generation application platform. There has been a lot of innovation in the area of identity federation in the last few years, and it's hard to keep up. It's really helpful if security architects can be presented with a summary of what's the same (or just re-named), what's different, and what's new. No assumptions will be made about previous expertise. Each protocol will be given a summary introduction, with references to the parts of the standard that are most commonly used, and which parts are esoteric. The security level of an application depends on the protocol and features used. SAML, OpenID Connect and OAuth offer several profiles, enabling the implementation of both high and low assurance trust frameworks. This topic will also be addressed to help clarify which solutions are best suited for which requirements.
Video: 217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz, from the LASCON channel