Public Key Caching Strategies for Token Signature Validation - DevSecCon

DevSecCon via YouTube

Overview

Explore public key caching strategies for token signature validation in this DevSecCon conference talk. Delve into the world of modern access delegation and consumer authentication protocols, focusing on OAuth2 and OpenID Connect. Learn about JSON Web Tokens (JWTs) and their implementation using asymmetric cryptography. Understand the importance of public key verification for token trust and the performance benefits of local key storage and caching. Examine the challenges posed by dynamic key management and the need for cache refreshing when token signing keys are changed. Compare different caching strategies, including "On-Demand Refresh," "Regular Refresh," and "Refresh on Expiry," evaluating their performance and security trade-offs. Gain valuable insights into the benefits and liabilities of each approach, enabling you to make informed decisions about implementing public key caching in your own systems.

Syllabus

Intro
What We Are Going to Cover Today
Brief Intro: Asymmetric (Public Key) Cryptography
Brief Intro: JSON Web Token (JWT)
Brief Intro: OAuth 2.0 and OpenID Connect
Public Key Management Options
Rationale for Public Key Caching
"On-Demand Refresh" Caching Strategy
"Regular Refresh" Caching Strategy
"Refresh on Expiry" Caching Strategy
Recommendations

Taught by

DevSecCon
