AppSec Europe 2018 has ended
Thursday, July 5 • 1:30pm - 2:15pm
OAuth is DAC. What do you do for MAC?


Such is the frustration of the development community with SAML that most new projects requiring access control turn to OAuth. Yet the goals of OAuth are completely different from SAML's: the former gives the end user control over who has access to their resources, while the latter is mainly used to enforce compliance with security policy. Most projects need both, so vendors are building ad-hoc extensions to their authorization servers to meet the need for mandatory access control, many of which are RBAC-based. The emerging consensus on these extensions should, on the one hand, find its way into standards in the short term. In the long term, on the other hand, the industry would benefit from moving beyond RBAC, but this requires further attention from researchers and vendors and, eventually, standardization bodies.

Johan Peeters

security architect, independent
I currently mainly work on access control for REST APIs, but I am also interested in identity and access management, security operations center architecture and cloud security. Apart from my commercial consulting and bespoke development activities, I also teach software security at...

Thursday July 5, 2018 1:30pm - 2:15pm BST
St James - 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE