LASCON 2017 has ended
Thursday, October 26 • 11:00am - 12:00pm
OAuth vs. SAML vs. OpenID Connect

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.

OAuth, SAML and OpenID Connect are the most important identity federation protocols in use today. Yet the many security architects struggle to express the differences between them. Front-channel, back-channel, assertion, JWT, claims, attributes, IDP, SP, OP, RP--there is a lot of jargon, and some of it seems to overlap. This compare / contrast session will help you understand the differences!

Many application security experts are making important decisions about which identity federation protocol to use for single sign-on for their next-generation application platform. There has been a lot of innovation in the area of identity federation in the last few years, and it's hard to keep up. It's really helpful if security architects can be presented with a summary of what's the same (or just re-named), what's different, and what's new. No assumptions will be made about previous expertise. Each protocol will be given a summary introduction, with references to the parts of the standard that are most commonly used, and which parts are esoteric. The security level of an application is impacted based on the protocol and features used. SAML, OpenID Connect and OAuth offer several profiles, enabling the implementation of both high and low assurance trust frameworks. This topic will also be addressed to help clarify which solutions are best suited for which requirements.

avatar for Michael Schwartz

Michael Schwartz

CEO, Gluu
Mike has been an entrepreneur and identity specialist for over 18 years. He is the technical and business visionary behind Gluu, whose open source access management platform, called the Gluu Server, enables domains to centralize authentication and authorization using open standards... Read More →

Thursday October 26, 2017 11:00am - 12:00pm
Under Armour Room

Attendees (15)