Federated Identity – Opportunities and Dangers

March 10, 2010 (at 11:30 a.m.) in Defense & Management

The world is moving towards a federated identity model. Public facing websites like Google or Facebook utilize technologies like OpenID, OAuth and WRAP to provide single-sign-on capabilities. Enterprises and ISVs start deploying WS-Federation, WS-Trust and SAML to federate with customers, partners and even internally. The goals are always the same: provide a more meaningful representation of “identity” for authentication, authorization and personalization. This talks sheds light on all these technologies, how they work and how to secure them.

Dominick Baier

Dominick Baier works as a security consultant at thinktecture (www.thinktecture.com). His main focus is security, identity and access control in distributed applications using the Microsoft technology stack. He’s the author of “Writing more-secure ASP.NET Applications” (MS Press) and the security curriculum lead at Developmentor. You can find his blog at www.leastprivilege.com.