Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - July 2017)

Loggin in to a website seems easy. But what seems so simple, is only easy as long as the website is based on a monolith in the background. But what happens, if there are lots of microservices at work? How do the microservices know that the user is who he is and how can this be achieved efficiently? The use of JSON Web Tokens (JWT) can be a solution. Presentation from the 2017 microXchg Conference in Berlin.

SSL: What is it, How to do it, and Why you should care

Jessica C. Gardner

Microservices Manchester: Authentication in Microservice Systems by David Borsos

When implementing applications using a microservice architecture, concerns of authenticating and authorising end-users or other services requires a different approach, especially when scalability and no single points of failure is in mind. I’d like to talk about some “lessons learned” in the past few years and show a few ideas how to deal with these concerns. About David Borsos David is a Senior Consultant for OpenCredo having joined the company as a consultant in 2013. David works on a number of technical engagements for OpenCredo and has a several years experience working in the financial industry, developing web-based enterprise applications, mostly of internally used tools that supported the maintenance and operations of a large IT infrastructure.

Authentication in microservice systems

David Borsos

Getting Started in Blockchain Security and Smart Contract Auditing

Beau Bullock

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account. All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology new issues are being found daily. In this Black Hills Information Security (BHIS) webcast, we'll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately lead to the loss of millions of dollars to attackers.

Verifiable Credentials 101 for SSI and Decentralized Digital Identity - Tyler...

http://ssimeetup.org/verifiable-credentials-101-ssi-tyler-ruff-webinar-11/ Tyler Ruff, product manager at Evernym, will be our next guest to walk us through Verifiable Credentials in the context of Self-Sovereign Identity. He will cover how they are created, issued and shared, as well as cover some common technical questions. The Verifiable Credentials discussed are based off a W3C standard for DIDs (decentralized identifiers) and Verifiable Credentials. The hope is that educating the identity and blockchain community on best practices for creating, issuing, storing and sharing Verifiable Credentials will foster interoperability between identity providers, ultimately making the whole ecosystem more valuable to the end consumer. The focus of this presentation is how Verifiable Credentials work, and why the different steps and components are necessary. If we can make Verifiable Credentials truly interoperable across industries, providers and domains, we can take a giant step forward towards a real self-sovereign world where individuals are in control of their digital lives and can benefit from every interaction they have—online and off. It all starts with getting interoperable, Verifiable Credentials under your control.

Cryptography In The Browser Using JavaScript

barysteyn

Java script and web cryptography (cf.objective)

ColdFusionConference

An Authentication and Authorization Architecture for a Microservices World

VMware Tanzu

SpringOne Platform 2016 Speaker: David Ferriera; Director, Cloud Technology, Forgerock Microservices architecture elevates the challenges for Authentication and Authorization management. When a single frontend request can result in many backend microservices calls, it is important to balance security and performance. ForgeRock provides a standards-based blueprint that provides a flexible solution for making these choices while protecting your Cloud Foundry services end to end.

ICO and Cyber security - How to protect from hackers during ICOs

Since January 2017, it does not happen a week without a new ICO is launched (more than 200 to date with $ 3Mds raised), but also without an ICO facing attacks of all kinds (Parity Multi-sig wallet bug with $ 30Mln stolen and Scam slack/twitter posts and phishing attacks with DNS spoofing, phishing link ...) During this talk, we will discuss the security principles of an ICO and see how and which elements to protect in order to secure both IT aspects (server hardening, web application firewall, multi-factor ...) and processes aspects (governance, mutli-signature procedure, smart-contract ownership, hot / cold keys storage, secret management ...) Also we will try to give an overview on how to use/secure smart-contract for Token sales and TGE process.

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...

SecuRing

Bitcoin, the Blockchain, and Open Source

All Things Open

OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake

Privacy-preserving techniques using zero knowledge proof in public Ethereum

Public Blockchain technology like Ethereum is gaining interest and growing use case among startup and fintechs. Apart from scalability issues which are going to be solved with new consensus and mining techniques (Ethereum Metropolis and Bitcoin SegWit2x with Lightning network), privacy on transaction is still an issue which is not yet fully addressed yet. Because of the public nature of a Ethereum, many businesses are reluctant to deploy Smart-contract or Dapps solutions for fear of exposing confidential or sensitive information. The use of zk SNARKs (zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive Argument of Knowledge”) would essentially solve this dilemma (next EIP improvement of Ethereum called 'Byzantium' include zk SNARKS). The idea of zk-SNARKs is that they allow verification of the correctness of computations, without a verifier having to execute those computations, or even learn what was actually executed. Using zk-SNARKs, a verifier can confirm that a computation happened correctly, with ‘zero-knowledge’ of the computation. We propose during this talk to have a brief presentation on cryptography and theory around zero-knowledge proof algorithm. Then we will try to showcase the benefits of zk-SNARKS and other privacy-preserving techniques (like zcash) on the public blockchain ecosystem.

Microservices Manchester: Security, Microservces and Vault by Nicki Watt

In this talk, Nicki Watt will initially look to introduce and highlight some of the typical security challenges which engineers may encounter, and need to be aware of, when trying to develop and deploy a microservices-based architecture. The 2nd half of the talk tries to get a bit more practical, and through some examples, looks to demonstrate how a tool like Vault from HashiCorp can be used as part of your overall security toolkit to address some of these challenges. This talk will not be delving into the depths of cryptography and algorithms, rather it is aimed at highlighting some typical problem areas, and giving practical insight into some of the options which can be used to address them. About Nicki Watt Nicki Watt is a Lead Consultant for OpenCredo having joined the company in 2011. Nicki is responsible for both hands on and overall leadership of engagements for OpenCredo. She has experience leading both development and architectural teams across a wide range of industries including enterprise organisations and start ups.

OAuth 2.0 for Web and Native (Mobile) App Developers

Identity and the quest for Self-Sovereign Identity - Daniel Hardman

Alex G. Lee, Ph.D. Esq. CLP

Self-sovereign identity (SSI) is exploding as a topic. It can be hard to make sense of all the initiatives and technologies, and of similar words like "decentralized identity." However, a few deep themes are emerging as foundational elements, no matter which details are true of your favorite approach. This webinar with Daniel Hardman, Chief Architect, Evernym / Secretary , Technical Governance Board - Sovrin Foundation, will distill the topic down to certain fundamentals, show how they manifest differently in various approaches, and discuss where the community is likely to coalesce or diverge.

Blockchain DeFi Innovation Insights from Patents

Patents are a good information resource for obtaining the state of the art of the blockchain DeFi (Decentralized Finance) technology innovations insights. Patent information also can provide many valuable insights that can be exploited for developing and implementing new technologies. Patents can also be exploited to identify new product/service development opportunities. I. Blockchain DeFi Technology Innovation Status Blockchain DeFi technology innovation entities Blockchain DeFi patent application landscape with respect to the key technology innovation field: Decentralized Asset/Fund Management Decentralized Lending and Borrowing Stable Coin Decentralized Exchange (DEX) Decentralized Derivatives Decentralized Margin Lending and Trading Non-fungible Token Decentralized Oracle Price Discovery Decentralized Payment Decentralized Staking Pool II. Blockchain DeFi Technology Innovation Details A. Decentralized Exchange (DEX) automated market maker (AMM) liquity pool margin trading automic swap price oracle B. Decentralized Lending and Borrowing flash loan Collateralized Debt Position (CDP) yield farming

WSO2Con USA 2014 - Identity Server Tutorial

CIS 2017 - So you want to use standards to secure your APIs?

Bertrand Carlier

Cloud Identity Summit 2017 talk We will show and explain why APIs are essential in a digital context. We will describe use cases, illustrate with real-life situations where APIs are used and demonstrate that they are a design pattern needed in thousands of different places, following dozens of IT architectures We will present industry’s best practices to design well-secured APIs and explain which particular specification is intended for which use-case. We will present key security aspects to take into account when designing an API and its access infrastructure.

Identity Objects in Mirror Are Closer Than They Appear - Identity Live 2017 -...

Daniel Raskin, SVP Product Management, ForgeRock - The identity world is evolving … again. The growth of IoT endpoints is outpacing the scale of standard identity platforms. More non-traditional things are now given digital identities. New device protocols force identity platforms to become proficient in "foreign languages," in order to communicate with next-generation devices and services. The identity use case of yesteryear is gone: We need to reinvent what a typical identity deployment looks like. In this session, we will explore this changed world and discuss how identity needs to adapt.

What's hot

BOTCHAIN aka The Dark side of Blockchain

Antonio Pirozzi

Authorization and Authentication in Microservice Environments

LeanIX GmbH

SSL: What is it, How to do it, and Why you should care

Jessica C. Gardner

Microservices Manchester: Authentication in Microservice Systems by David Borsos

Authentication in microservice systems

David Borsos

Getting Started in Blockchain Security and Smart Contract Auditing

Beau Bullock

Verifiable Credentials 101 for SSI and Decentralized Digital Identity - Tyler...

Cryptography In The Browser Using JavaScript

barysteyn

Java script and web cryptography (cf.objective)

ColdFusionConference

An Authentication and Authorization Architecture for a Microservices World

VMware Tanzu

ICO and Cyber security - How to protect from hackers during ICOs

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...

SecuRing

Bitcoin, the Blockchain, and Open Source

All Things Open

OpenID Connect 101 @ OpenID TechNight vol.11Nov Matake

Privacy-preserving techniques using zero knowledge proof in public Ethereum

Microservices Manchester: Security, Microservces and Vault by Nicki Watt

OAuth 2.0 for Web and Native (Mobile) App Developers

Identity and the quest for Self-Sovereign Identity - Daniel Hardman

Alex G. Lee, Ph.D. Esq. CLP

Blockchain DeFi Innovation Insights from Patents

WSO2Con USA 2014 - Identity Server Tutorial

What's hot (20)

BOTCHAIN aka The Dark side of Blockchain

Authorization and Authentication in Microservice Environments

SSL: What is it, How to do it, and Why you should care

Microservices Manchester: Authentication in Microservice Systems by David Borsos

Authentication in microservice systems

Getting Started in Blockchain Security and Smart Contract Auditing

Verifiable Credentials 101 for SSI and Decentralized Digital Identity - Tyler...

Cryptography In The Browser Using JavaScript

Java script and web cryptography (cf.objective)

An Authentication and Authorization Architecture for a Microservices World

ICO and Cyber security - How to protect from hackers during ICOs

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...

Bitcoin, the Blockchain, and Open Source

OpenID Connect 101 @ OpenID TechNight vol.11

Privacy-preserving techniques using zero knowledge proof in public Ethereum

Microservices Manchester: Security, Microservces and Vault by Nicki Watt

OAuth 2.0 for Web and Native (Mobile) App Developers

Identity and the quest for Self-Sovereign Identity - Daniel Hardman

Blockchain DeFi Innovation Insights from Patents

WSO2Con USA 2014 - Identity Server Tutorial

Similar to Modern Authentication with OpenID Connect and IdentityServer 4 (umBristol - July 2017)

CIS 2017 - So you want to use standards to secure your APIs?

Bertrand Carlier

Identity Objects in Mirror Are Closer Than They Appear - Identity Live 2017 -...

Identity Live Sydney 2017 - Daniel Raskin

You still need to protect employees in the digital age, but the real opportunity for digital transformation lies in using identity not just to protect employees, but to get to know, interact with, and connect to prospects and customers across any channel–whether cloud, social, mobile, or the Internet of Things (IoT). Customer Identity Management requires going above and beyond a secure login. From a security perspective, you need continuous security that follows the user throughout their entire session. And as customers share data, from demographics to preferences to buying habits, you can use it to create authentic, engaging customer experiences that lead to lasting customer relationships. Better yet, you can earn customer trust while meeting privacy regulations like GDPR, by giving customers control over who has access to their data and for how long.

The Future is Now: What’s New in ForgeRock Identity Management

OAuth 101 & Secure APIs 2012 Cloud Identity Summit

Brian Campbell

Identity Live London 2017 | Daniel Raskin

UMA - An Open Standard for Consent-Driven Personal Data Sharing

Chris Adriaensen

Identity Live Paris 2017 | Monetising Digital Customer Relationships

By Steve Ferris SVP Global Customer Success, ForgeRock, Alain Barbier Principal Customer Engineer, ForgeRock, Leonard Moustacchis Senior Customer Engineer, ForgeRock You still need to protect employees in the digital age, but the real opportunity for digital transformation lies in using identity not just to protect employees, but to get to know, interact with, and connect to prospects and customers across any channel–whether cloud, social, mobile, or the Internet of Things (IoT). Customer Identity Management requires going above and beyond a secure login. From a security perspective, you need continuous security that follows the user throughout their entire session. And as customers share data, from demographics to preferences to buying habits, you can use it to create authentic, engaging customer experiences that lead to lasting customer relationships. Better yet, you can earn customer trust while meeting privacy regulations like GDPR, by giving customers control over who has access to their data and for how long.

The Hitchhiker's Guide to the Land of OAuth

Chris Adriaensen

OAuth has become a central security component with respect to a modern REST-based architecture - and several extensions have since been developed, like JWT, OpenID Connect and UMA, to provide a broader coverage. Both server and client development need a good understanding of these concepts to guarantee end-to-end security. In this talk Chris will guide us through the current landscape of OAuth and zoom in on mature (like JWT and OpenID Connect) and uprising extensions (like UMA and Proof of Possession) - but also how to interface with a SOAP-based architecture (like SAML). Don’t forget to bring a towel - but what about silver shoes?

Internet of Things Security & Privacy

Chris Adriaensen

Enterprise Single Sign On WSO2

Cisco Connect Halifax 2018 cloud and on premises collaboration security exp...

Cisco Canada

The Future is Now: The ForgeRock Identity Platform, Early 2017 Release

The ForgeRock Identity Platform is trusted by companies around the world to be their foundation for digital transformation. ForgeRock extends their leadership in this space with the latest release of the ForgeRock Identity Platform, featuring advanced capabilities to meet the needs of today’s consumer facing digital services. In this webinar, learn how new features improve customer engagement and insight, offer greater privacy controls, extend security and usability for internet of things (IoT), enable DevOps and dynamic architectures, and more.

Blockchain: Strategies for Moving From Hype to Realities of Deployment

CA Technologies

The promise of blockchain, or specifically distributed ledger technology, has captured the attention of business and IT leaders across multiple industries. Now is the time to move from hype to reality. This session will examine use cases of pioneering companies that apply blockchain in a multi-party entity environment with immutable smart contracts. We’ll share how some DevSecOps requirements are fundamentally different for blockchain pilots and full deployment—from getting started with the right development environment to concerns of security, encryption and operational visibility. We will also discuss integration of blockchain with existing systems of record and the use of shadow blockchain as an evolutionary step towards adoption. Join this session to learn more about developing, deploying, and securing blockchain. For more information on Mainframe, please visit: http://ow.ly/VnBh50g66bO

The Future is Now: What’s New in ForgeRock Access Management

Connected Car: Putting Digital Identity Behind the Wheel

A modern connected vehicle is no longer just a car with a built-in wireless access point – it is a complex network of multiple interconnected systems from different vendors that are constantly communicating with each other as well as with various external parties, both consumer-facing and industrial. Each connected car is a rolling IoT ecosystem where industrial applications and protocols coexist with consumer-grade apps and services.

Security On The Edge - A New Way To Think About Securing the Internet of Things

ForgeRock proposes a new approach for IoT security, where identity principles are used to ensure the authenticity of IoT devices and their communications. We call this upcoming technology, ForgeRock Edge Security. Using secure, standards-based tokens and providing comprehensive, policy-based controls for controlling access to data from devices, this is the next generation of IoT edge security. With examples from industrial and automotive IoT environments, learn how this new way of providing security “on the edge” can provide a rock solid layer of security for your IoT deployments.

#OSSPARIS19 - MicroServices authentication and authorization with LemonLDAP::...

Paris Open Source Summit

#Cloud , #DevOps & Infrastructure - Track - Cloud Native Infrastructure When deploying microservices, you need to provide a solution for authentication and authorization so you can control who is using your service. A lot of possibilities exist, but often involves development inside microservice code. Using a Single-Sign On software is another way to achieve the mircoservice protection, either using OAuth2/OpenID Connect protocol, either using a SSO specific protocol. We sill demonstrate how this can work with LemonLDAP::NG, a free/open source SSO software mostly developed in France.

[POSS 2019] MicroServices authentication and authorization with LemonLDAP::NG

Worteks

Identity Live Sydney 2017 - Ashley Stevenson