Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

OAuth and Mandatory Access Control: Beyond Discretionary Access Control - Lecture 4

OWASP Foundation via YouTube

Overview

Explore the limitations of OAuth and the need for Mandatory Access Control (MAC) in this conference talk from OWASP AppSec EU 2018. Delve into the differences between OAuth and SAML, understanding their distinct goals in access control. Examine the development community's shift towards OAuth and the challenges it presents when projects require both user-controlled access and compliance with security policies. Learn about ad-hoc extensions being built by vendors to address the need for mandatory access control, often based on Role-Based Access Control (RBAC). Discover the emerging consensus on these extensions and the potential for their standardization. Consider the long-term benefits of moving beyond RBAC and the need for further research, vendor attention, and standardization efforts in the field of access control.

Syllabus

OAuth is DAC. What do you do for MAC? - Johan Peeters

Taught by

OWASP Foundation

Reviews

Start your review of OAuth and Mandatory Access Control: Beyond Discretionary Access Control - Lecture 4

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.