Dominick Baier Updates Our Security in .NET 4.5
Dominick Baier returns to talk to Carl and Richard about the current state of security in .NET 4.5. Dom starts out talking about how WebAPI has impacted the development of web services without much in the way of new security features - so he built some for everyone to use (check the links below). The conversation then digs into the challenges around OAuth 2 and the challenges of building specifications by committee when you're dealing with security. Also listen for a great dig into the real goals of identity technologies that largely haven't come to pass yet - there's still a ways to go!
Guests:
Dominick Baier
Dominick Baier spent most of his professional career implementing security systems for his customers and reading protocol specifications. This resulted in a number of popular open-source projects like IdentityServer and IdentityModel. Since 2020 he runs Duende Software Inc together with his longtime friend and colleague Brock Allen. Duende provides a sustainable home for the IdentityServer project and is the one-stop-shop for all things OpenID Connect and OAuth for .NET-based companies.
Links:
- SuppressUnmanagedCodeSecurityAttribute Class http://msdn.microsoft.com/en-us/library/system.security.suppressunmanagedcodesecurityattribute.aspx
- Dominic's Blog http://leastprivilege.com/
- Thinktecture.Identity Model on NuGet http://nuget.org/packages/Thinktecture.IdentityModel/
- OAuth 2 and the Road to Hell http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
- Dick Hardt OSCON Keynote 2005 http://www.youtube.com/watch?v=RrpajcAgR1E
- Tim Bray on OAuth https://www.tbray.org/ongoing/When/201x/2013/01/23/OAuth