OAuth has become the backbone of modern authentication, powering secure access to countless applications. However, as digital ecosystems grow more complex, OAuth faces limitations such as token misuse, lack of fine-grained access control, and challenges in balancing security with user convenience.
In this session, we’ll explore the shortcomings of OAuth in today’s context and discuss emerging solutions that address these issues. We’ll dive into practical approaches like passwordless authentication with WebAuthn, decentralized identities (DIDs), and dynamic, risk-based access control.
Edit 1:
Difficulty Level: Beginner
Topic: Authentication and Authorization
Actual Topic: OAuth – What Problems it Solves, What It Brings, and the Advancements in the Authentication Space: WebAuthn and DIDs
Talk Outline:
Setting the tone:
1. Introduction to Authentication and Authorization
2. Traditional Authentication and Authorization Methods, and the issues with them that led us to OAuth
3. Overview of OAuth
Core Talk:
4. Potential Issues with OAuth and a few things around it
5. WebAuthn: The Future of Authentication
6. Decentralized Identity (DIDs): The Next Evolution in Identity Management
Edit 2:
The difficulty level and the high-level explanation of the topic remain the same.
The talk is intentionally kept light-hearted so that the audience can grasp it more easily, and to spark curiosity about authorization and authentication, which is a pivotal problem.
Talk Outline:
Setting the tone: (This is done to ensure the audience is able to get the most out of the core talk)
1. Introduction to Authentication and Authorization
- Authentication: Verifying who you are.
- Authorization: Determining what you're allowed to do.
2. Traditional Authentication and Authorization Methods
- Usernames, passwords, and API keys.
3. Overview of OAuth
- OAuth provides a way to grant access without sharing credentials.
- Steps in OAuth
Core talk: (These are the topics of my actual talk)
1. Potential Issues with OAuth
- Security risks.
- Implementation challenges.
- Future scope.
2. WebAuthn: A new way of Authentication
- What is WebAuthn?
- Why do we need it?
- What makes it unique?
- If possible, a small demo will be done.
3. Decentralized Identity (DIDs): The Next Evolution
- What are DIDs?
- Why are they needed?
- How do DIDs work?
- Benefits.