Explore the key differences between OAuth, SAML, and OpenID Connect in this informative conference talk. Gain a comprehensive understanding of these essential identity federation protocols, their unique features, and use cases. Learn about front-channel and back-channel communication, assertions, JWTs, claims, attributes, and the roles of various entities like IDPs, SPs, OPs, and RPs. Discover how each protocol impacts application security and which solutions are best suited for different requirements. Delve into the evolution of identity federation, from SAML to the more developer-friendly, JSON-centric approaches. Examine OAuth roles, authorization requests, scopes, and grants, as well as the distinctions between OAuth and SAML. Investigate OpenID Connect and its implementation in JavaScript and server-side environments. Conclude with best practices for OAuth implementation and explore additional resources for further learning.
Overview
Syllabus
Introduction
Questions
federated identity
authentication protocols
web for authentication
SAML
New requirements
JSON centric
Developerfriendly
SAML 101
OAuth Roles
OAuth Authorization Request
OAuth Scopes
OAuth Grants
OAuth vs SAML
OpenID Connect
JavaScript vs Serverside
Recap
Request signing
OAuth
OAuth best practices
Gluorg
Clients
Wrapup
Taught by
LASCON
