bibannotation-Richer2017.tex
OAuth is a very powerful tool. Its power comes from its flexibility. Flexibility often means the ability to not only do what you want to do, but also the ability to do things in an unsafe way. Because OAuth governs access to APIs, which in turn gates access to your important data, it’s crucial that you do use it in a safe way by avoiding antipatterns and using best practices. Stated differently, just because you have the flexibility to do anything and deploy in any way, doesn’t mean that you should.
Thankfully, Justin and Antonio provide pragmatic guidance on what to do and what not to do. They acknowledge both the “I just want to get this done” and the “I want to make sure this is secure” mindsets you have.
(Full disclosure… I wrote the Foreword for the book)
\setlength{\parindent}{0cm}\par\textsc{ --- Ian Glazer }\par\vspace{12pt}\setlength{\parindent}{15pt}
This is not only the most comprehensive book available about OAuth but it is also the most accessible, which is a neat trick to pull off. Justin and Antonio expertly guide the reader by providing an overview of what OAuth is by talking about why it came to be and what it was meant to solve. They describe the flow between all of the different players in the framework followed by dedicated chapters for each one of those participants before presenting the reader with more advanced topics. One of those is easily the best description ever written about dynamic client registration, which I have referred to many times in our own implementation. As a cybersecurity architect, I particularly appreciate the 50 pages of detailed discussion about common vulnerabilities of different parts of the system. It’s a fantastic resource that you’ll not only refer to again and again, but also a resource to lend to those new identity professionals that you’re trying to grow.
\setlength{\parindent}{0cm}\par\textsc{ --- Steve Hutchinson }\par\vspace{12pt}\setlength{\parindent}{15pt}
This is a textbook on the theory and intent behind OAuth and OpenID Connect. It includes not only history and reasoning behind the development of these standards, but also easy tutorials and sample code allowing the reader to build his own providers and clients in an afternoon. Highly recommended.
\setlength{\parindent}{0cm}\par\textsc{ --- Sarah Squire }\par\vspace{12pt}\setlength{\parindent}{15pt}