SecAppDev 2020 Lecture Details
Advanced OAuth for security-sensitive applications
Thursday March 12, 14:00 - 15:30
OAuth has become the standard for API authorization because of its simplicity and versatility. This talk will present battle-proven patterns and OAuth extensions that should be used when building security-sensitive applications.
OAuth is an excellent framework for building APIs that are both secure and user/developer-friendly. The main reason is that OAuth decouples the interactive user authentication process from the actual API invocations. But is this pattern suited for security-sensitive applications such as payments? How does one ensure that it is the legitimate client requesting the payment, and with the authorized amount? What about token leakage and other potential attacks? This talk presents design patterns and suitable OAuth extensions that can be used to address these and other challenges that arise when building security-sensitive applications.
Understand the patterns and extensions required to build security-sensitive applications with OAuth
Anyone building, designing or securing APIs and applications with OAuth
Understanding of the practicalities of OAuth 2.0
Dr. Torsten Lodderstedt
Dr.-Ing. Torsten Lodderstedt is CTO of yes.com, a startup building an identity scheme for banks and their customers. With more than a decade of experience in building and running large-scale identity services, he regularly contributes to OAuth & OpenID. His current focus is on OAuth security and its use in security-sensitive applications such as financial services and remote electronic signing.
Related identity and access management sessions
OAuth 2.0 Security Reinforced
Lecture by Dr. Torsten Lodderstedt
OAuth 2.0 has become the standard for API authorization. Practical experience and security research have shown a need for updated security guidelines that will be presented in this session.
Identity and access management | Wednesday March 11, 16:00 - 17:30
A practical introduction to OIDC (and OAuth 2.0)
Lecture by Dominick Baier
OIDC and OAuth 2.0 have become the de facto standard to implement authentication and authorization in modern applications. This session introduces their features, such as authentication, sessions, and protocol flows.
Identity and access management | Wednesday March 11, 11:00 - 12:30
OIDC and OAuth 2.0 – Tips from the trenches
Lecture by Dominick Baier
Building an API-based system with OIDC and OAuth 2.0 raises quite a few questions. In this session, we answer these questions using common patterns and anti-patterns derived from real-world scenarios.
Identity and access management | Thursday March 12, 11:00 - 12:30
Making smart choices from the authentication cookbook
Lecture by Philippe De Ryck
Modern applications need to authenticate users and services in various scenarios. This session focuses on helping architects and developers understand the different authentication mechanisms and their purpose.
Identity and access management | Tuesday March 10, 11:00 - 12:30