Important notice about SecAppDev 2020
Due to the current situation with COVID-19 (Corona), with deep regret, we feel bound to postpone SecAppDev 2020 indefinitely. While there have been no official instructions to postpone events such as ours or reduce travel, both attendees and speakers have informed us that they are unable to attend SecAppDev.
We hope everyone in SecAppDev stays healthy, and wish everyone the best for the coming months.
SecAppDev 2020 Lecture Details
OIDC and OAuth 2.0 – Tips from the trenches
Thursday March 12, 11:00 - 12:30
Building an API-based system with OIDC and OAuth 2.0 raises quite a few questions. In this session, we answer these questions using common patterns and anti-patterns derived from real-world scenarios.
There are typical architectural patterns around identity & access control for modern service-based applications. OIDC and OAuth 2.0 are the enablers for these architectures. Building such a system raises challenges and questions, such as which protocol flow to choose, how to design tokens, how to connect your various (new and old) clients to the token-based system, how to handle token lifetime management, etc.
In this session, we look at common patterns and anti-patterns for designing token-based systems.
Advice on designing token-based authentication and authorization using OIDC and OAuth 2.0.
Anyone building, designing or securing API-based applications
OAuth 2.0 and OIDC basics.
Dominick Baier is an independent consultant specializing in identity & access control. He helps companies around the world design & implement authentication and authorization for their distributed web and native applications. He is the co-author of IdentityServer, the de-facto standard library for building OpenID Connect & OAuth 2.0 servers for the .NET Framework. He also co-founded PolicyServer, has written a couple of books, and regularly blogs on OAuth 2.0 and OIDC.
Related identity and access management sessions
OAuth 2.0 Security Reinforced
Lecture by Dr. Torsten Lodderstedt
OAuth 2.0 has become the standard for API authorization. Practical experience and security research have shown a need for updated security guidelines that will be presented in this session.
Identity and access management Wednesday March 11, 16:00 - 17:30
Advanced OAuth for security-sensitive applications
Lecture by Dr. Torsten Lodderstedt
OAuth has become the standard for API authorization because of its simplicity and versatility. This talk will present battle-proven patterns and OAuth extensions that should be used when building security-sensitive applications.
Identity and access management Thursday March 12, 14:00 - 15:30
A practical introduction to OIDC (and OAuth 2.0)
Lecture by Dominick Baier
OIDC and OAuth 2.0 have become the de facto standard to implement authentication and authorization in modern applications. This session introduces their features, such as authentication, sessions, and protocol flows.
Identity and access management Wednesday March 11, 11:00 - 12:30
Making smart choices from the authentication cookbook
Lecture by Philippe De Ryck
Modern applications need to authenticate users and services in various scenarios. This session focuses on helping architects and developers understand the different authentication mechanisms and their purpose.
Identity and access management Tuesday March 10, 11:00 - 12:30
Modern access control policy enforcement
Lecture by Jim Manico
This talk will discuss security principles that will help developers build modern access control solutions that are flexible enough to satisfy almost any complex access control security requirement.
Identity and access management Wednesday March 11, 09:00 - 10:30