Solving Identity Management in Modern Applications: Demystifying OAuth 2.0, OpenID Connect, and SAML 2.0
Wilson, Yvonne, Hingnikar, Abhishek
Product Description
Know how to design and use identity management to protect your application and the data it manages.
At a time when security breaches result in increasingly onerous penalties, it is paramount that application developers and owners understand identity management and the value it provides when building applications. This book takes you from account provisioning to authentication to authorization, and covers troubleshooting and common problems to avoid. The authors include predictions about why this will be even more important in the future. Application best practices with coding samples are provided.
Solving Identity and Access Management in Modern Applications gives you what you need to design identity and access management for your applications and to describe it to stakeholders with confidence. You will be able to explain account creation, session and access management, account termination, and more.
What You'll Learn
- Understand key identity management concepts
- Incorporate essential design principles
- Design authentication and access control for a modern application
- Know the identity management frameworks and protocols used today (OIDC/OAuth 2.0, SAML 2.0)
- Review historical failures and know how to avoid them
Who This Book Is For
Developers, enterprise or application architects, business application or product owners, and anyone involved in an application's identity management solution
About the Authors
Yvonne Wilson has had many roles in the software industry related to security and identity management as a developer, security architect, customer success engineer working with customers, founder of cloud identity services, and director of a security governance, risk, and compliance function. She was responsible for IT security strategy and architecture at Sun Microsystems, founded and designed the identity management services offered through Oracle Managed Cloud Services, and works as Senior Director of GRC at Auth0 with customers and vendors to ensure end-to-end security of the application technology supply chain.
In working with business teams at Sun and while founding the initial support team at Auth0, Yvonne worked with many customers, from small startups to large enterprises, through the implementation of SSO, federated SSO, adaptive knowledge-based authentication, and identity provisioning. From this depth of experience, she realized the need for a basic understanding of identity management concepts by business application owners as well as architects and developers.
Abhishek Hingnikar has enjoyed writing software from an early age and has worked on multiple startups during his career. He currently works as a pre-sales engineer at Auth0 where he helps customers architect federated identity management solutions using OIDC, SAML, WSFed, and OAuth.