Overview
Explore the limitations of OAuth and the need for Mandatory Access Control (MAC) in this conference talk from OWASP AppSec EU 2018. Delve into the differences between OAuth and SAML, understanding their distinct goals in access control. Examine the development community's shift towards OAuth and the challenges it presents when projects require both user-controlled access and compliance with security policies. Learn about ad-hoc extensions being built by vendors to address the need for mandatory access control, often based on Role-Based Access Control (RBAC). Discover the emerging consensus on these extensions and the potential for their standardization. Consider the long-term benefits of moving beyond RBAC and the need for further research, vendor attention, and standardization efforts in the field of access control.
Syllabus
OAuth is DAC. What do you do for MAC? - Johan Peeters
Taught by
OWASP Foundation