1. I spent the last three years building application back-ends using Web APIs so that arbitrary client technologies can consume them. This creates a number of interesting challenges around authentication and authorization. Embracing token-based authentication, claims and the OAuth2 design patterns simplified many of the complex scenarios. This talk illustrates which tools we have built to make our lifes easier and what works well and what doesn’t - together with some war stories and tips from the trenches.

    # vimeo.com/97337305 Uploaded 4,167 Plays 3 Comments
  2. After a 3-year long struggle, the IETF finally released the OAuth2 specification(s). While all the big players (like Google, Microsoft and Facebook) are already using it, more and more people want to follow. But there is big confusion about what OAuth2 really is, what its uses cases are and which problems it can actually solve. At the same time, also the security experts out there don’t really agree if OAuth2 is a complete failure, or not - or something in between. Dominick walks you through OAuth2, its use cases and pitfalls.

    # vimeo.com/68331687 Uploaded 2,089 Plays 0 Comments
  3. OpenID Connect is here – and it’s here to stay. This suite of protocols makes federation, single sign-on, session management, discovery and management feasible across arbitrary client types and platforms. It is also a welcome simplification compared to archaic WS*, XML and SAML technologies that made interop often complicated. Dominick walks you through the various bits and pieces – and along the way might even release a new open source project that implements OpenID Connect on the .NET platform ;)

    # vimeo.com/97344501 Uploaded 5,011 Plays 1 Comment

Security

Alex Preston

Browse This Channel

Shout Box

Heads up: the shoutbox will be retiring soon. It’s tired of working, and can’t wait to relax. You can still send a message to the channel owner, though!

Channels are a simple, beautiful way to showcase and watch videos. Browse more Channels.