Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0

Wilson, Yvonne, Hingnikar, Abhishek

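  • Publisher: Apress
  • Publication date: 2022-11-18
  • Price: $2,160
  • VIP price: $2,052 (95% of list price)
  • Language: English
  • Pages: 384
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1484282604
  • ISBN-13: 9781484282601
  • Overseas special-order book (requires separate checkout)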

Product Description

Know how to design and use identity management to protect your application and the data it manages.

At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided.

Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.

This revised and expanded edition includes additional content providing an overview of the new version of OAuth (2.1)--what led to it, and primary changes in this version (including features removed from 2.1 that were in 2.0 and why they were removed)--as well as coverage of newer specification documents (RFC 8639--Device flow, useful for IoT devices, RFC 8705--mutual Transport Layer Security, RFC 8707--the protocol "resource" parameter, its purpose and use, and more).

What You'll Learn

  • Understand key identity management concepts
  • Incorporate essential design principles
  • Design authentication and access control for a modern application
  • Know the identity management frameworks and protocols used today (OIDC/OAuth 2.0/2.1, SAML 2.0)
  • Review historical failures and know how to avoid them

Who This Book Is For

Developers, enterprise or application architects, business application or product owners, and anyone involved in an application's identity management solution

About the Authors

Yvonne Wilson is co-founder and Chief Strategy Officer for XploitDefense. She has had many roles in the software industry related to security and identity management as a security and identity architect; enterprise architect; director of developer success working with identity customers; sr. director of security governance, risk, and compliance (GRC); Chief Strategy Officer; and founder of cloud identity services. Yvonne was responsible for IT security strategy and architecture at Sun Microsystems, founded and designed the identity management services offered through Oracle Managed Cloud Services, created a GRC team at Auth0 and founded a world-wide developer success team for Auth0, working with customers and overseeing the creation of an identity management training program for customer-facing support and professional services engineers. Yvonne is currently Chief Strategy Officer at XploitDefense.

In working with business teams at Sun, designing and deploying identity systems for customers at Oracle, and while founding a developer success team at Auth0, Yvonne had the opportunity of working with many customers, from small startups to large enterprises. Her experience spans the implementation of SSO, identity federation, directory services, adaptive knowledge-based authentication, and identity provisioning as well as multilevel authentication systems with certificate-based authentication. She has worked with OIDC, SAML 2.0, WS-Fed, OAuth 2.0/2.1, and OpenID. From this depth of experience, Yvonne realized the growing need for a basic overview of identity management concepts that is understandable to business application owners as well as architects and developers.

Abhishek Hingnikar is at Okta, the identity provider for the internet. He has several years of experience designing and demonstrating Identity Management solutions to customers using Auth0 using OAuth 2.0/2.1, OpenID Connect and SAML 2.0. His current focus areas involve Consumer IoT, Device Based Identity and designing solutions that explore web based identity in peripheral domains.

