MIT: Independent Activities Period: IAP

IAP 2014



Identity Management using OAuth2.0 and OpenID Connect

Justin Richer, Consultant, IS&T

Jan/15 Wed 10:00AM-01:00PM TBD
Jan/22 Wed 10:00AM-01:00PM TBD

Enrollment: Limited: Advance sign-up required
Sign-up by 01/13
Limited to 20 participants
Attendance: Participants must attend all sessions

The OAuth2.0 authorization framework is today the basis for a growing number of services delivered using RESTful Web-APIs. It is the primary mechanism to convey not only digital identities, but also authorization to perform tasks through the published Web API.

Software developers who need to maintain security and access control for services on the web need a deeper understanding of the OAuth2.0 protocol and the larger identity federation scheme called OpenID-Connect, which uses OAuth2.0.

In this course the topics covered will include:
- Fundamentals of OAuth2.0.
- Fundamentals of the OpenID-Connect (OIDC) protocol.
- How Web APIs use OAuth2.0.
- Creating identities and federation using OIDC.
- Overview of a Java implementation of OIDC called MITREid.
- Integrating OIDC into your web applications.
- Using OIDC to perform Single-Sign-On (SSO) within your organization.
- Review of Web APIs that use OAuth2.0 (e.g. Google APIs).

Sponsored by the IS&T Kerberos Consortium.

 Sign up at http://kit.mit.edu/mit-iap-course-2014

Sponsor(s): Electrical Engineering and Computer Science, Student Information Processing Board
Contact: Thomas Hardjono, hardjono@mit.edu