
Software Engineering Radio - the podcast for professional software developers
Episode 547: Nicholas Manson on Identity Management for Cloud Applications
Jan 18, 2023
Nicholas Manson, a seasoned SaaS architect with over 20 years in building cloud applications, dives deep into identity management for cloud services. He outlines the essentials of digital identity, touching on everyday user types and federation concepts. Nicholas explains the balance between security and user experience and reviews the evolution of OAuth 2.0 and OpenID Connect. He also covers advanced topics like Zero Trust architecture, multi-factor authentication, and vendor evaluation strategies, making complex topics accessible and engaging.
AI Snips
From SAML To OAuth And OpenID
- SAML pioneered single sign-on with identity providers and service providers exchanging assertions.
- Modern services have largely moved to OAuth2 (and OpenID Connect) using bearer/JWT tokens.
Adopt Strong Multi-Factor Methods
- Adopt multi-factor authentication that combines independent factors, such as something the user knows (knowledge) with something they have (possession) or something they are (biometrics).
- Consider FIDO2 for stronger passwordless flows that use device and biometric checks.
Evolution Of Access Control Models
- Authorization evolved from privileges to roles, then to attribute-based and policy-based control.
- Policy-based access control mixes roles, attributes, and privileges via a rules language for finer decisions.
