
In this episode, Brian Campbell, Distinguished Engineer at Ping Identity, speaks with SE Radio's Priyanka Raghavan about cryptographic defenses against stolen tokens, particularly in the context of the OAuth2 protocol and the kinds of attacks that can plague it. They discuss the concept of "proof of possession" in defending against such attacks, and where it is important to have this additional protection (in banking applications, for example) despite the extra cost of including it. They then take a deep dive into the OAuth2 mTLS protocol and its two flavors: self-signed certificates and PKI certificates. They conclude with a discussion of the DPoP (demonstration of proof-of-possession) RFC and its suitability for use in the user interface layer, as well as the future of OAuth2, including Google's macaroon tokens.
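To make the proof-of-possession idea concrete, here is an added illustration of the certificate-bound token check from OAuth 2.0 mTLS (RFC 8705): the authorization server records a thumbprint of the client's certificate in the token's `cnf.x5t#S256` claim, and the resource server refuses the token unless the certificate on the incoming TLS connection hashes to the same value. This is example code written for this page, not code from the episode, from Ping Identity or from any library; the certificate bytes are constructed placeholders rather than real DER, and JWT signing is left out so only the binding check is shown.

```python
import base64
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed placeholder "certificates". Real DER would be the bytes of an
# X.509 certificate; the hashing and comparison are identical either way.
LEGIT_CLIENT_CERT_DER = b"constructed-der-bytes-of-the-legitimate-client-cert"
ATTACKER_CERT_DER = b"constructed-der-bytes-of-some-other-client-cert"


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url (no padding) of SHA-256 over the DER certificate."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def bind_token_claims(claims: dict, cert_der: bytes) -> dict:
    """Authorization-server side at issuance: copy the claims and add cnf.x5t#S256."""
    bound = dict(claims)
    bound["cnf"] = {"x5t#S256": x5t_s256(cert_der)}
    return bound


def verify_binding(claims: dict, presented_cert_der: Optional[bytes]) -> Tuple[bool, str]:
    """Resource-server side: the certificate used on the TLS connection must match the claim.

    Returns (accepted, reason). The signature, expiry and audience of the token are
    assumed to have been validated already; this function only checks possession.
    """
    cnf = claims.get("cnf")
    if not isinstance(cnf, dict) or "x5t#S256" not in cnf:
        return False, "token is not certificate-bound (no cnf.x5t#S256 claim)"
    if presented_cert_der is None:
        return False, "no client certificate on the TLS connection"
    expected = cnf["x5t#S256"]
    actual = x5t_s256(presented_cert_der)
    # Constant-time comparison; the thumbprint is not secret, but it is good habit.
    if not hmac.compare_digest(expected, actual):
        return False, "thumbprint mismatch: token presented by a different client"
    return True, "ok"


def demo() -> dict:
    """Show why a stolen bound token is useless without the matching private key/cert."""
    claims = {"iss": "https://as.example", "sub": "client-123",
              "scope": "payments:write", "exp": 1700000000}
    token = bind_token_claims(claims, LEGIT_CLIENT_CERT_DER)
    return {
        "legit_client": verify_binding(token, LEGIT_CLIENT_CERT_DER)[0],
        "stolen_token_other_cert": verify_binding(token, ATTACKER_CERT_DER)[0],
        "stolen_token_no_mtls": verify_binding(token, None)[0],
        "unbound_bearer_token": verify_binding(claims, LEGIT_CLIENT_CERT_DER)[0],
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:>26}: {'accepted' if accepted else 'rejected'}")
```

The last case is the one worth noticing in a deployment: a resource server that only checks the thumbprint *when a `cnf` claim is present* still accepts plain bearer tokens, so a policy decision (reject unbound tokens for high-value scopes such as payments) has to be enforced explicitly, as the function above does.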
Related Links
SE Radio theme: "Broken Reality" by Kevin MacLeod (incompetech.com — Licensed under Creative Commons: By Attribution 3.0)