Signing On the Rain of SSO. A SOS call to secure yourself

Espartaco Palma

Abstract

Using Single Sign-On (SSO) by implementing Security Assertion Markup Language (SAML) can be an interesting but boring task. But when your cloud solution needs to manage multi-tenancy all over the place, the fun begins: certificates, signing, security and automation create a beautiful but intricate scenario.

Details

In an ideal world, businesses should avoid the burden of creating and recreating systems to authenticate users. Storing user credentials is always a complicated and never-ending task: the bad guys are always trying to break you down, and the regulators (SOC2, PII, etc.) are trying to break you up before the bad guys get to you (and break your credibility and trust).

In this talk we will explain why standards like SAML are important and how the protocol can be implemented using a Rails service. Instead of creating an almost-finished, almost-secure implementation, let the big guys do the heavy lifting and let your company focus on the business logic. I'll also explain how to build an implementation that lets you use multiple providers (Microsoft, Okta, OneLogin, PingFederate, etc.) for your multiple clients across your multiple applications.

The intended audience is people trying to simplify the authentication/authorization process using a proven standard and proven providers.

Pitch

Business nowadays requires proven and secure technologies that let your clients trust your business, and, let's be honest, you don't want yet another system to log in to. Even big companies like Google offer an option for SSO using SAML.

Our company has been working with multiple large enterprises (including nationwide banks) that require the highest level of security for their users; their policies also usually require the use of their already-tested and certified authentication provider. Our engineering team has been working on this implementation, and so far we have solved most of the problems that multiple providers can bring to the proposed solution.

Speaker Information

A Senior Software Engineer now applying Ruby on a daily basis, having a full conversation with datasets, collections and queries all day long. Reviewing code and learning how to debloat the unbloatable. I have been programming in many languages, like the ancient xBase (Visual FoxPro), C# and Python; with every change I've learned not only the technology behind the language but also the culture, and I've learned how to implement what I had been using in C# and Python in Ruby.

Submissions

RailsConf 2018 - Rejected

Euruko 2018 - Rejected