SecAppDev 2024 lecture details
Introduction to Macaroons
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Wednesday June 5th, 14:00 - 15:30
Room Lemaire
Abstract
Macaroons are a novel approach to authorization, based on cryptographic tokens that can be attenuated at any time by adding “caveats”. Introduced by a Google research paper in 2014, Macaroons have seen recent adoption by some cloud providers and OAuth2 servers.
In this session, we’ll describe in detail what Macaroons are, how they are implemented, and when they are useful. We will compare and contrast with other well-known standards such as JSON Web Tokens. Finally, we will look at some more recent token formats such as Biscuits that build on Macaroons.
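The attenuation property the abstract refers to rests on a simple construction: the signature of a Macaroon is an HMAC chain, so anyone holding a token can append a caveat (and so narrow what it authorises) without knowing the root key, but nobody can remove one, because each caveat's HMAC is computed over the previous signature, which is then discarded. The following Python is an added illustration written for this page, not code from the lecture, from Google's paper or from any library; it implements only first-party caveats, and the `key = value` / `key < value` predicate language, the `check_predicate` checker and the constructed `ROOT_KEY` are conveniences assumed here for the demonstration:

```python
"""Minimal first-party Macaroon: mint, attenuate, verify.

Constructed example for illustration. The signature chain follows the
2014 Macaroons paper:
    sig_0 = HMAC(root_key, identifier)
    sig_i = HMAC(sig_{i-1}, caveat_i)
The predicate syntax and checker below are hypothetical simplifications.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed demo key; a real service would keep a random root key per key id.
ROOT_KEY = hashlib.sha256(b"constructed-demo-root-key").digest()


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


@dataclass(frozen=True)
class Macaroon:
    location: str            # hint where the token can be used
    identifier: str          # public key id / nonce, not secret
    caveats: List[str] = field(default_factory=list)
    signature: bytes = b""

    @classmethod
    def mint(cls, root_key: bytes, location: str, identifier: str) -> "Macaroon":
        # Only the holder of root_key can mint a valid token.
        return cls(location, identifier, [], _mac(root_key, identifier.encode()))

    def add_first_party_caveat(self, predicate: str) -> "Macaroon":
        # Attenuation needs no key: the new signature is chained from the old one.
        # The old signature is not kept, so the caveat cannot later be stripped.
        return Macaroon(
            self.location,
            self.identifier,
            self.caveats + [predicate],
            _mac(self.signature, predicate.encode()),
        )


def check_predicate(pred: str, ctx: Dict[str, object]) -> bool:
    """Hypothetical predicate language: 'key = value' or 'key < value'."""
    parts = pred.split(" ", 2)
    if len(parts) != 3:
        return False
    key, op, value = parts
    if key not in ctx:
        return False  # unknown attribute: fail closed
    actual = ctx[key]
    try:
        if op == "=":
            return str(actual) == value
        if op == "<":
            return int(actual) < int(value)
    except (TypeError, ValueError):
        return False
    return False  # unknown operator: fail closed


def verify(root_key: bytes, m: Macaroon, ctx: Dict[str, object],
           check: Callable[[str, Dict[str, object]], bool]) -> bool:
    """Recompute the HMAC chain from the root key, then evaluate every caveat."""
    sig = _mac(root_key, m.identifier.encode())
    for caveat in m.caveats:
        sig = _mac(sig, caveat.encode())
    if not hmac.compare_digest(sig, m.signature):
        return False  # forged, tampered, or signed under another root key
    return all(check(c, ctx) for c in m.caveats)


if __name__ == "__main__":
    m = Macaroon.mint(ROOT_KEY, "https://api.example.com", "key-1")
    # A client narrows its own token before handing it to a helper service.
    a = (m.add_first_party_caveat("user = alice")
          .add_first_party_caveat("time < 1700003600"))
    print("alice, in time :", verify(ROOT_KEY, a, {"user": "alice", "time": 1700000000}, check_predicate))
    print("bob            :", verify(ROOT_KEY, a, {"user": "bob", "time": 1700000000}, check_predicate))
    print("alice, expired :", verify(ROOT_KEY, a, {"user": "alice", "time": 1700003600}, check_predicate))
    stripped = Macaroon(a.location, a.identifier, a.caveats[:-1], a.signature)
    print("caveat removed :", verify(ROOT_KEY, stripped, {"user": "alice", "time": 1700000000}, check_predicate))
```

Contrast this with a JWT: there the signature covers the whole claims set, so only the issuer can produce a narrower token, whereas here `add_first_party_caveat` takes no key at all. The flip side, visible in `verify`, is that the verifier must hold the root key, which is why Macaroons are naturally a bearer-token format for a service (or a set of services sharing a key) rather than a public-verifiable credential.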
Key takeaway
Learn when to use Macaroons rather than other token technologies for authorization.
Content level
Introductory
Target audience
Back-end and front-end developers, technical architects, identity professionals.
Prerequisites
Basic knowledge of cryptography: in particular what a MAC is, and a general understanding of digital signatures and encryption.
Neil Madden
Founder and CEO, Illuminated Security Ltd
Expertise: Application security and applied cryptography
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
Security Signals - A framework to scale web security
Introductory lecture by Slawomir Goryczka in room West Wing
Tuesday June 4th, 14:00 - 15:30
Learn about Security Signals, a data-driven framework to scale web security, provide insights into security stance, and unique capabilities to manage security mitigations and remediations with high coverage, precision, and recall.
Key takeaway: Understand how and why web security infrastructure is built, used, and maintained at scale, and learn about its components and the capabilities it provides.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck in room West Wing
Monday June 3rd, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web, and how to build a secure foundation for your web and API-based applications on top of it.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications