BruCON 0x07 has ended
Registrations start at 8h30! 
Workshop rooms in the location Novotel are 5 minutes walking from the main venue. 
Thursday, October 8 • 4:30pm - 5:30pm
SSO: It’s the SAML SAML Situation (With Apologies to Mötley Crüe)

It's 2015 and single sign-on systems have been around for over 15 years now. Despite the years of opportunity, SSO is still really hard to do with any level of effectiveness. The advent of federation systems has, if anything, made things even harder. Sure, there are standards like SAML which are supposed to help, but SAML options are like Tanenbaum's line about standards. There are so many to choose from. Basically no two SAML implementations ever work out of the box and often require significant engineering efforts to address. On the other hand, OAuth does better on that front, but it's not actually an SSO system and versions of 2.0 and 3.0 are actually less secure than the first version. I'll talk about the assorted ways that SSO works and doesn't work and how fundamental features like Single Log Out are generally not available. I'll close out with some thoughts on future direction on how we might be able to make things better.

Speakers
David Mortman

David Mortman has been doing Information Security for over 20 years. He is currently Chief Security Architect and Distinguished Engineer at Dell Software, as well as a Contributing Analyst at Securosis. Most recently, he was the Director of Security and Operations at C3. Previously...


Thursday October 8, 2015 4:30pm - 5:30pm CEST
01. Westvleteren University
