OAuth and Mandatory Access Control: Beyond Discretionary Access Control - Lecture 4
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the limitations of OAuth and the need for Mandatory Access Control (MAC) in this conference talk from OWASP AppSec EU 2018. Delve into the differences between OAuth and SAML, understanding their distinct goals in access control. Examine the development community's shift towards OAuth and the challenges it presents when projects require both user-controlled access and compliance with security policies. Learn about ad-hoc extensions being built by vendors to address the need for mandatory access control, often based on Role-Based Access Control (RBAC). Discover the emerging consensus on these extensions and the potential for their standardization. Consider the long-term benefits of moving beyond RBAC and the need for further research, vendor attention, and standardization efforts in the field of access control.
Syllabus
OAuth is DAC. What do you do for MAC? - Johan Peeters
Taught by
OWASP Foundation
Related Courses
Cybersecurity and Its Ten DomainsUniversity System of Georgia via Coursera Bases de données relationnelles : Comprendre pour maîtriser
Inria (French Institute for Research in Computer Science and Automation) via France Université Numerique Desarrollo de Aplicaciones Web: Seguridad
University of New Mexico via Coursera Web Application Development: Security
University of New Mexico via Coursera Computing, Storage and Security with Google Cloud Platform
Google via Coursera