Description
Identity management? Stick a username and (hashed) password in a database, and done! That's how many apps get started, at least. But what happens once you need single sign-on across multiple domains, or if you'd rather avoid the headache of managing those passwords to begin with? This session will cover protocols (and pitfalls) for delegating the responsibility of identity management to an outside source. We'll take a look at SAML, OAuth, and OpenID Connect, considering both the class of problems they solve, and some new ones they introduce!
Summary
In the video titled "Who Are You? Delegation, Federation, Assertions and Claims," Lyle Mullican discusses the complexities of user authentication and the protocols associated with it. The session highlights the importance of understanding authentication from a developer's perspective, particularly in an environment that demands single sign-on capabilities across different domains. Mullican emphasizes two main reasons for developers to care about authentication systems: the foundational role these systems play in overarching security measures, and the inevitable failure of abstractions, which leads to the need for a deeper understanding of lower-level details.

Key points discussed include:

- **Authentication Basics**: Mullican elaborates on the challenges in establishing identity, drawing analogies to physical scenarios like airport security processes.
- **Local Authentication**: He explains local authentication with username and password, describing it as simple yet increasingly problematic in complex applications, particularly those requiring access to multiple systems.
- **Federation and Single Sign-On**: He defines federation, which centralizes user information, and single sign-on (SSO), which allows users to authenticate once and access multiple applications without the need for multiple credentials.
- **Protocols Overview**: The presentation reviews several key protocols:
  - **SAML (Security Assertion Markup Language)**: The first widely adopted SSO protocol, which enables assertions between identity providers and service providers, along with its operational workflows.
  - **OAuth**: Primarily an authorization protocol; OAuth allows for credential delegation but is not ideal for pure authentication needs.
  - **OpenID Connect**: A modern layer built on OAuth for handling authentication specifically, providing simpler JSON structures and workflows suited to modern applications.
- **Security Implications**: Mullican discusses the critical importance of security in implementing these protocols, particularly common pitfalls in their configuration, such as defects in trust relationships and assumptions about data.
- **Practical Implementation**: He encourages developers to engage with these protocols by building local instances of identity providers or utilizing online tools to better understand the processes.

In conclusion, while protocols like SAML, OAuth, and OpenID Connect offer valuable frameworks, they require careful implementation and awareness of the security risks involved with each method. The key takeaway is that developers should not only leverage existing gems and libraries for these protocols but also remain vigilant about the assumptions they make regarding user data and the trustworthiness of the identities being handled.
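The pitfalls the summary names (defects in trust relationships and assumptions about data) show up concretely at the point where a relying party accepts an OpenID Connect ID token. The Ruby below is an added example, not code from the talk or from any gem it refers to. It assumes an RS256-signed token, a provider public key the application already holds, and constructed issuer, client id, nonce and user values; the verifier pins the algorithm, the issuer, the audience and the per-login nonce rather than trusting whatever the token says about itself.

```ruby
require 'openssl'
require 'json'

# Added example (not from the talk): a minimal OpenID Connect ID token check
# on the relying-party side. Assumes RS256 tokens and a provider public key
# obtained out of band; every value in demo below is constructed sample data.

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0') # raises ArgumentError on malformed input
end

# Identity-provider side: mint an RS256-signed ID token for the given claims.
def issue_id_token(private_key, claims)
  header = { alg: 'RS256', typ: 'JWT' }
  signing_input = "#{b64url(JSON.generate(header))}.#{b64url(JSON.generate(claims))}"
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url(signature)}"
end

# Relying-party side: returns [true, claims] or [false, reason].
# Signature first, then each claim the relying party is responsible for checking.
def verify_id_token(token, public_key:, issuer:, audience:, nonce:, now: Time.now.to_i)
  parts = token.split('.')
  return [false, 'malformed token'] unless parts.length == 3
  header_b64, payload_b64, sig_b64 = parts

  header = JSON.parse(b64url_decode(header_b64))
  # Pitfall: the token must not choose its own algorithm; pin the one expected.
  return [false, "unexpected alg #{header['alg']}"] unless header['alg'] == 'RS256'

  signing_input = "#{header_b64}.#{payload_b64}"
  digest = OpenSSL::Digest.new('SHA256')
  return [false, 'bad signature'] unless public_key.verify(digest, b64url_decode(sig_b64), signing_input)

  claims = JSON.parse(b64url_decode(payload_b64))
  # Trust relationship: only the issuer this application federated with.
  return [false, 'wrong issuer'] unless claims['iss'] == issuer
  # A token validly issued to a different client must not log anyone in here.
  return [false, 'wrong audience'] unless Array(claims['aud']).include?(audience)
  return [false, 'token expired'] unless claims['exp'].is_a?(Integer) && now < claims['exp']
  # The nonce ties the token to the login attempt this application started.
  return [false, 'nonce mismatch'] unless claims['nonce'] == nonce
  return [false, 'missing subject'] if claims['sub'].to_s.empty?
  [true, claims]
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError => e
  [false, "undecodable token: #{e.class}"]
end

# Constructed scenario: one provider key, one relying party, four tokens.
def demo
  idp_key   = OpenSSL::PKey::RSA.new(2048)
  issuer    = 'https://idp.example.test' # assumed provider
  client_id = 'example-client'           # assumed relying-party client id
  nonce     = 'n-0S6_WzA2Mj'             # generated by the RP when login started
  now       = Time.now.to_i
  base      = { iss: issuer, sub: 'user-42', aud: client_id, iat: now, exp: now + 300, nonce: nonce }

  good      = issue_id_token(idp_key, base)
  other_app = issue_id_token(idp_key, base.merge(aud: 'some-other-app'))
  # Payload edited after signing: the signature no longer covers the new subject.
  h, _p, s  = good.split('.')
  forged    = "#{h}.#{b64url(JSON.generate(base.merge(sub: 'admin')))}.#{s}"
  # Unsigned token whose header asks the verifier to accept alg "none".
  alg_none  = "#{b64url(JSON.generate({ alg: 'none' }))}.#{b64url(JSON.generate(base))}.x"

  check = ->(t) { verify_id_token(t, public_key: idp_key.public_key, issuer: issuer, audience: client_id, nonce: nonce) }
  { good: check.(good), other_app: check.(other_app), forged: check.(forged), alg_none: check.(alg_none) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each do |name, (ok, detail)|
    puts "#{name}: #{ok ? "accepted sub=#{detail['sub']}" : "rejected (#{detail})"}"
  end
end
```

Only the first token is accepted; the other three fail on audience, signature and algorithm respectively, each before any identity is taken from the claims. Production code would fetch the provider's keys from its discovery document and use a maintained JWT gem for the parsing, but the set of checks a relying party owns (issuer, audience, expiry, nonce, pinned algorithm) stays the same.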