Overview
Explore modern and secure Identity and Access Management (IAM) for contemporary applications in this 32-minute conference talk. Delve into key concepts including OpenID, JSON Web Tokens, and FIDO protocols. Learn about the Authorization Code Flow, SAML, and public key cryptography. Understand the benefits of modern IAM systems, certification processes, and custom implementations. Examine NIST guidelines and the Application Security Verification Standard. Compare traditional and modern IAM approaches, and gain insights into phishing prevention and various forms of authenticators. Conclude with a demonstration of a FIDO server and participate in a Q&A session.
Syllabus
Intro
Identity
Secure IAM
Studies
NIST
Application Security Verification Standard
Traditional IAM
Modern IAM
OpenID
OpenID Foundation
JSON Web Token
Authorization Code Flow
Discovery End Point
Public Key
SAML
Benefits
Certification
Custom Implementation
FIDO
Public Key Cryptography
Different Protocols
Phishing
Forms of Authenticator
Demo
FIDO Server
Questions
Taught by
OWASP Foundation