Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

2019 | Modern Identity for Developers 101 | Identiverse | Day 1, June 25 | Washington D.C.

78 visualizaciones

Publicado el

Modern identity promises to solve some of the thorniest problems that historically plagued handling authentication and access control in applications.
That sounds great in theory, but how do thinks really look like when the rubber hits the road - what does it take to incorporate modern identity in your applications development practice?
Come to this session to learn the basis of modern identity development and be better equipped to understand and participate to the session in this year's Identiverse development track.

Publicado en: Tecnología
  • DOWNLOAD FULL BOOKS, INTO AVAILABLE FORMAT ......................................................................................................................... ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. PDF EBOOK here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. EPUB Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ,DOWNLOAD FULL. doc Ebook here { https://tinyurl.com/yyxo9sk7 } ......................................................................................................................... ......................................................................................................................... ......................................................................................................................... .............. Browse by Genre Available eBooks ......................................................................................................................... Art, Biography, Business, Chick Lit, Children's, Christian, Classics, Comics, Contemporary, Cookbooks, Crime, Ebooks, Fantasy, Fiction, Graphic Novels, Historical Fiction, History, Horror, Humor And Comedy, Manga, Memoir, Music, Mystery, Non Fiction, Paranormal, Philosophy, Poetry, Psychology, Religion, Romance, Science, Science Fiction, Self Help, Suspense, Spirituality, Sports, Thriller, Travel, Young Adult,
       Responder 
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí

2019 | Modern Identity for Developers 101 | Identiverse | Day 1, June 25 | Washington D.C.

  1. 1. ® MODERN IDENTITY FOR DEVELOPERS 101 VITTORIO BERTOCCI PRINCIPAL ARCHITECT, AUTH0 VITTORIO@AUTH0.COM @VIBRONET WWW.CLOUDIDENTITY.COM
  2. 2. ® Modern Identity…? …I hate you. Dale Olds Principal Engineer, Platform identity Architect at VMWare
  3. 3. ® Goals • Introduce main patterns, artifacts, terminology of modern auth • Discuss concrete impact on development practices • Equip you to better understand the developer track sessions • Prerequisites • You know about development • You know about (classic) identity
  4. 4. ® Agenda • Classic authentication • Modern identity patterns • Externalizing authentication • Delegated authorization • Solution components • Modern experiences • Federation, HRD, consent, MFA…
  5. 5. ® Classic authentication - passwords
  6. 6. ® Classic authentication - kerberos
  7. 7. ® Modern Identity Patterns
  8. 8. ® Modern Authentication Core Pattern IdP Trust Protocols Tokens Claims Sessions
  9. 9. ® Demo
  10. 10. ® Delegated authorization Delegation Authorization server Scopes Access token Refresh token Consent
  11. 11. ® Delegated authorization Delegation Authorization server Scopes Access token Refresh token Consent
  12. 12. ® API • OAuth2 addresses… • Delegated authorization • For 3rd party API • There’s no spec for 1st party API, so we use the same pattern • The access token content varies according to the scenario • Passing by reference vs value
  13. 13. ® Topologies and scenarios
  14. 14. ® Components
  15. 15. ® Protocols & Tokens • SAML still going strong for web sign on • OpenID Connect & OAuth2 for everything else • Web SSO • API calls from any client type • Hybrids • JWT the de facto standard for most flows
  16. 16. ® Identity providers • Protocol facades on top of cred stores • IDaaS: Auth0, Azure AD, Azure AD B2C, Google • Products: OKTA, ADFS, PingFederate • SDKs and OSS toolkits: IdentityServer, WSO2 • All require application registration • Portals, API, config
  17. 17. ® Application integration • Resource side • Every major dev stack offers middleware for OIDC, API protection • Alternative approachs: fabric, API gateways • Requestor side • Requestor SDKs are also available • Often service-specific: ADAL, MSAL • Generic SDKs: AppAuth, IdentityModel
  18. 18. ® Experiences
  19. 19. ® Federation & home realm discovery • Determining where the user should authenticate/come from • Different techniques • Identifier first, nascar • Tension with SSO
  20. 20. ® Consent • Amazing for • Empowering end users • Enabling viral sign up models • Less amazing for • Business environments (every extra click is potential error surface) • Tracking grants • Access to multiple resources
  21. 21. ® Key takeaways • Mostly, redirects • Lots of vendors, but all the same functional components
  22. 22. ® The Developer Track at Identiverse 25-Jun-19 10:30 Modern identity for developers Vittorio Bertocci 26-Jun-19 14:00 Deploy OpenID Connect and OAuth 2.0 with a Reverse Proxy Architecture Hans Zandbelt 27-Jun-19 14:00 Beyond AuthN and Authz: Cloud IAM ready applications architectures Tarek Dawoud and Ramiro Calderon 27-Jun-19 14:35 Securing Web APIs from JavaScript/SPAApplications Brock Allen 27-Jun-19 15:10 Security patterns for keeping secrets in the browser Philippe De Ryck 27-Jun-19 15:45 Developer Enablement with Centralized Access Management Dan McNulty 27-Jun-19 16:25 The Developer’s Guide to the Policy-Driven Authorization David Brossard 27-Jun-19 17:00 Automated testing of your IAM platform Paul Heaney 27-Jun-19 17:35 Surviving API Security in a Microservices World Michele Leroux Bustamante 28-Jun-19 9:30 Scale Permissions Management with Attribute-based Access Control Brigid Johnson
  23. 23. ® Dig deeper • All the intro sessions happened before or during this one • Catch the recordings! OAuth2 masterclass, Introduction to Identity • Brand-new online courses at https://auth0.com/docs/videos/learn-identity • Want the same clipart I used? https://Identicons.dev • Want to chat further? • Find me here at identiverse, or… • vittorio@auth0.com • @vibronet
  24. 24. ®

×