Senior Developer

Ben is a .NET developer with 9 years of experience working in Federal government, State government and the private sector. He has a focus on application security and analytics, with a background in mathematics and statistical programming. Ben loves solving difficult problems and getting immersed in a complex business domain.


OAuth2 and OIDC – Best Practices for Web Applications (45 mins)

This session is suitable for technical teams who are using or wish to use OpenID Connect to secure access to their web applications and want to conform to best practice in doing so. This is not a deep dive into the protocols themselves.

This session goes through the most common use-cases of securing web applications with OpenID Connect, examining how the unique requirements and threat models of each influence how to implement the standard.

Some questions addressed in this session are:

  • What’s the difference between OAuth2 and OpenID Connect?

  • What are the tokens involved in the protocol and what should I use each of them for?

  • What are some of the most common attacks and how can I defend against them?

OAuth2 and OIDC – Deep Dive (60 mins)

This session is suitable for technical or semi-technical teams who wish to know more about how these two protocols, on which most of our interactions with the web are built, work in detail.

This session goes through the conception of OAuth2, how it works in various contexts, and what purpose each of its components serves, then explores how OpenID Connect has been built on top of OAuth2 to serve a specific purpose.

Some questions addressed in this session are:

  • What problem was OAuth2 developed to solve?

  • How do the parties involved in the protocol interact?

