Central Ohio Software Symposium
June 8 - 10, 2012 - Columbus, OH
View the event details here ».
Securing the Modern Web with OAuth
In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.
Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.
OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.
About Craig Walls
Craig Walls is a senior engineer with SpringSource as the Spring Social project lead and is the author of Spring in Action and XDoclet in Action (both published by Manning) and Modular Java (published by Pragmatic Bookshelf). He's a zealous promoter of the Spring Framework, speaking frequently at local user groups and conferences and writing about Spring and OSGi on his blog. When he's not slinging code, Craig spends as much time as he can with his wife, two daughters, 2 birds and 3 dogs.More About Craig »