217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz

Показать описание

OAuth, SAML and OpenID Connect are the most important identity federation protocols in use today. Yet the many security architects struggle to express the differences between them. Front-channel, back-channel, assertion, JWT, claims, attributes, IDP, SP, OP, RP--there is a lot of jargon, and some of it seems to overlap. This compare / contrast session will help you understand the differences!

Many application security experts are making important decisions about which identity federation protocol to use for single sign-on for their next-generation application platform. There has been a lot of innovation in the area of identity federation in the last few years, and it's hard to keep up. It's really helpful if security architects can be presented with a summary of what's the same (or just re-named), what's different, and what's new. No assumptions will be made about previous expertise. Each protocol will be given a summary introduction, with references to the parts of the standard that are most commonly used, and which parts are esoteric. The security level of an application is impacted based on the protocol and features used. SAML, OpenID Connect and OAuth offer several profiles, enabling the implementation of both high and low assurance trust frameworks. This topic will also be addressed to help clarify which solutions are best suited for which requirements.

LASCON

Рекомендации по теме

Комментарии

The beauty is he started from history and explained how these things evolved. thanks for posting.

kaushit

Wow, great talk! The content is recent and relevant as of 2019. The design of the slides themselves may lack, but the content and knowledge of the presenter is extraordinary.

Rarez

I come back to this video, rich information content

ibroschool

Can someone please explain to me why he mentioned LDAP authentication is not a good idea?

DIFFIEH

I really wished he had compared the flows.

jayak

Keep the camera on the slides, not the speaker

djn

Take a shot every time he says 'Uhm'
I'm typing this in the hospital

lukebakare

The A/V equipment never works right when you're trying to do a presentation!

dommerdom

The verbal "Uhm" tick this guy has is too much. I cannot listen to it. Shame, he seems to have a lot o say on the subject.

Solthebat

actually he doesn't answer to the questions he just turned around!

aimaneelouafi

good material, poor delivery!! Umm !!

emlynedmunds

PPT is not readable
Overall video quality make the tutorial less interesting.

ashu

217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz

217 - OAuth vs. SAML vs. OpenID Connect - Michael Schwartz

SAML vs OAuth vs OIDC (explained simply!)

SAML Vs OAuth Vs Openid Differences and Application

Which is better OAuth or SAML?

An Illustrated Guide to OAuth and OpenID Connect

OAuth 2.0 & OpenID Connect (OIDC): Technical Overview

What is the difference between SAML and OAuth?

What is the difference between OpenID and SAML?

SAML 2.0: Technical Overview

Diff OpenID Connect Vs SAML Vs OAuth 2.0? What is Identity Providers? What SAML? What is OAuth 2.0?

OAuth 2.0 and OpenID Connect (in plain English)

Is OAuth more secure than SAML?

MDOYVR22 - Joel Rennich - SAML, OAUTH, OPENID Connect

Picking the right Single Sign On Protocol: WS-Fed, SAML2 or OpenID Connect - Anders Abel

What is SAML and OAuth?

OpenID Connect as SSO Solution: Strengths and Weaknesses - Álvaro Iradier, Sysdig

OAuth and SAML: A Love Story for Valentine's Day

Identity & Access Management | MFA | SSO | SAML | OAUTH | OpenID Connect

AzureAD - WS-Fed vs SAML vs OAuth

OAuth, OpenID, and SAML Crash Course Security for Web and Mobile - Course Overview

SAML VS WS-FED

Learn OAuth2.0 & OpenID Connect in Under 20 minutes

Auth0 Online Meetup #8 OAuth, OpenID Connect, and SAML 2 0

How SAML, OAUTH, and other Identity Federation Solutions Work in a Windows Enterprise