Identity and Access Control
- Posted: Dec 10, 2012 at 3:46PM
- 18,205 views
- 3 comments
Loading user information from Channel 9
Something went wrong getting user information from Channel 9
Loading user information from MSDN
Something went wrong getting user information from MSDN
Loading Visual Studio Achievements
Something went wrong getting the Visual Studio Achievements
Right click “Save as…”
Today I woke up thinking that talking about Identity and Access Control and how your strategy around that affects you (web-) app's architecture without going too deeply into the security lingo that usually comes with it. Here's the 40 minute result.
I start with HTTP's "native" authentication model RFC 2617 and how that's universally bad, with both Basic and Digest authentication having issues Digest being, ironically worse for the overall security strategy. Then I dive into why models that use tokens (or cookies) are better in terms of security and scalability and explore a range of variations amongst those.