Understanding OpenID Connect and OAuth v2.0: How They Work and How to be Secure

Webinar Registration

As the demand for SSO and API-based integration between cloud providers, apps and enterprises grows, the need for something simpler and more flexible than SAML-based federation alone becomes more urgent.

In this webinar I will help you understand what OpenID Connect and the underlying OAuth v2.0 spec are, their respective purposes, and how they relate to other security technologies such as traditional SAML-based federation and the newer, simpler RESTful way of accessing web services.

The “Auth” in OAuth v2.0 is more about authorization than authentication. The classic use case for OAuth v2.0 is where you (the end user) allow two different web applications to share your information. For instance, you use a financial application that collects all your bills and statements and stores those documents automatically in your DropBox. OAuth v2.0 facilitates that kind of operation without sharing your DropBox password (or other credentials) with the financial app.

OpenID Connect is an authentication layer built on top of OAuth v2.0. OpenID Connect allows you to authenticate to different, independent applications, APIs, clouds or websites using the services of an identity provider. Chances are, when you log on to a consumer website with your Google ID or Facebook account, behind the scenes that app is using OpenID Connect.

How does OpenID Connect relate to federation based on SAML (such as Microsoft's ADFS implementation)? OpenID Connect and SAML address similar and overlapping use cases. SAML is based on XML and is fairly complex. (The reason ADFS isn’t really loved is largely the complexity of SAML.) OpenID Connect, on the other hand, is based on JSON and REST, which are much simpler to implement. In fact, here is a mapping of the two worlds of web interoperability:

Data format             XML     JSON
Web services protocol   SOAP    REST
Federated identity      SAML    OpenID Connect

But be aware it's far from a one-or-the-other situation. In fact, you may use both SAML and OpenID Connect in one operation. For instance, let's say you set up DropBox for Business to rely on Azure Active Directory for authentication. That integration uses SAML-based federation. Then let's say you authorize a project tracking application to access documents in DropBox. That may very well take place via OAuth.

OpenID Connect and OAuth are undeniably simpler than SAML. But simplicity is often at odds with security. OpenID Connect and OAuth leave more up to the developer and administrator and depend more heavily on symmetric key encryption for trust relationships instead of PKI. All of this means that developers and administrators need to be aware of important best practices to ensure security.

In this real training for free webinar I will show you how OpenID Connect and OAuth work and explain the important security issues you need to be aware of. You will also see how the standards relate and can interoperate with other standards that you may already have implemented, such as ADFS and SAML.

Dell Software is sponsoring this webinar, and you will briefly see how their Cloud Access Manager (CAM) supports OpenID Connect and OAuth, as well as federation based on SAML. CAM offers secure and unified access to all your internal and cloud-based web applications while simultaneously enhancing security and IT efficiency with dynamic, adaptive security, multi-factor authentication and more.

Please join me for this technical and security focused session. Register now.
