OAuth & OpenID Connect

  • TYPE: Combined Session
  • DATE: Thursday, May 16, 2019
  • TIME: 12:00-13:00
  • LOCATION: AMMERSEE I
Track

OAuth 2.0 Security Reinforced

The OAuth working group recently decided to discourage use of the implicit grant. But that's just the most prominent recommendation the working group is about to publish in the upcoming OAuth 2.0 Security Best Current Practice (https://tools.ietf.org/html/draft-ietf-oauth-security-topics), which will elevate OAuth security to the next level. The code flow shall be used with PKCE only, and tokens should be sender-constrained, to mention just a few. Development of these enhanced recommendations was driven by several factors, including experiences gathered in the field, security research results, the increased dynamics and sensitivity of the use cases OAuth is used to protect, and technological changes. This session will present the new security recommendations in detail along with the underlying rationales.
Key takeaways:

  • the OAuth working group is publishing new security guidelines for OAuth 2.0
  • the implicit grant should no longer be used, so especially the way OAuth is used for Single Page Applications (SPAs) must be changed
  • other practices, like the code flow and bearer access tokens, will need to change as well
  • reasons for the changes: deployment experiences, security research, increased security requirements due to more sensitive use cases and dynamic scenarios


Speaker:

Dr.-Ing. Torsten Lodderstedt is CTO of yes.com, a startup building an identity scheme for banks and their customers. Before joining yes.com, he served for a decade in different roles at Deutsche Telekom’s identity team, building and operating large-scale consumer identity services. In his...



Munich, Germany

Congress

European Identity & Cloud Conference 2019

Language:
English
  • May 14 - 17, 2019 Munich, Germany