OAuth and Mandatory Access Control: Beyond Discretionary Access Control - Lecture 4
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the limitations of OAuth and the need for Mandatory Access Control (MAC) in this conference talk from OWASP AppSec EU 2018. Delve into the differences between OAuth and SAML, understanding their distinct goals in access control. Examine the development community's shift towards OAuth and the challenges it presents when projects require both user-controlled access and compliance with security policies. Learn about ad-hoc extensions being built by vendors to address the need for mandatory access control, often based on Role-Based Access Control (RBAC). Discover the emerging consensus on these extensions and the potential for their standardization. Consider the long-term benefits of moving beyond RBAC and the need for further research, vendor attention, and standardization efforts in the field of access control.
Syllabus
OAuth is DAC. What do you do for MAC? - Johan Peeters
Taught by
OWASP Foundation
Related Courses
Secure Networked System with Firewall and IDSUniversity of Colorado System via Coursera Introduction to Cyber Security
Uttarakhand Open University, Haldwani via Swayam Preparing for the Google Cloud Professional Data Engineer Exam 日本語版
Google Cloud via Coursera Jump Start: Maestro Hyperscale Network Security
Checkpoint via edX Information Security - Introduction to Information Security
New York University (NYU) via edX