Panel | Identity vs Authorization - Where to Draw the Line

In order to watch this video, you have to log in or create an account, if you don't have one yet.
This video is only available to registered participants of the event.


We will look at OAuth protocol and its misusage for authorization purposes. What is the difference between client and user authorization and at which stage should each happen? We will revise what Identity is at its core and what should or should not be part of it. And what about Group Membership – a ‘domain-driven’ advise how to triage roles between Identity and Authorization. All these best practices are backed by real-life experience.

- OAuth and its misusage as an authorization protocol
- Essence of Identity
- Difference between client authorization and user authorization in the context of OAuth
- Group Membership – where do roles belong?
- Theory backed by practice

Hristomir Hristov, Solutions Architect, KPMG
Martin Manov, Software Architect, Cobuilder International
Fabian Süß, Project Manager, KuppingerCole

Language: English • Duration: 22:52 • Resolution: 1280x720

Learn more about this hybrid event


KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00