OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication – Aaron Parecki – ASW #289
OAuth 2.0 is more than just a single spec, and it's used to protect more than just APIs. We talk about the challenges of maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always interoperable.
Guest
Aaron Parecki is an Identity Standards Architect at Okta with over 15 years of experience in the industry. He is active in multiple standards development organizations (SDOs), including IETF, OpenID Foundation, and W3C. He is the editor of OAuth 2.1 along with several other OAuth specifications, and co-chairs the SCIM working group at IETF. He has taught the fundamentals of OAuth and online security to thousands of developers worldwide through his book OAuth 2.0 Simplified as well as video courses and live online trainings.