Auth0

On the fourth episode of Identity, Unlocked, host Vittorio Bertocci, principal architect at Auth0 is joined by Daniel Fett, a security specialist at yes.com. Daniel received his PhD from the University of Stuttgart through research on the formal analysis of web protocols. Daniel joins the podcast today to talk about the security BCP document.
Like this episode? Be sure to leave a five-star review and share Identity, Unlocked with your community! You can connect with Vittorio on Twitter at @vibronet, Daniel at @dfett42, or Auth0 at @auth0.

Daniel Fett is a security specialist at yes.com where he works on the yes® open banking ecosystem based on OAuth and OpenID Connect. Before that, he received a Ph.D. in Computer Science from the University of Stuttgart, Germany. During his research, he developed new methods to formally analyze the security of web applications and standards. He used these formal methods to find new attack vectors on OAuth, OpenID Connect, and other federated authentication/authorization systems. Daniel is a co-author of the upcoming OAuth Security Best Current Practices RFC, of OpenID Connect for Identity Assurance, and FAPI 2.0.

Daniel Fett

Security Specialist

On the fourth episode of Identity, Unlocked, host Vittorio Bertocci, principal architect at Auth0 is joined by Daniel Fett, a security specialist at yes.com. Daniel received his PhD from the University of Stuttgart through research on the formal analysis of web protocols. Daniel joins the podcast today to talk about the security BCP document.

A Lap Around the OAuth2 Security BCP with Daniel Fett

Listen on Apple Podcasts

Blog

Visit Auth0

In Partnership with OpenID Foundation and IDPro This is Identity, Unlocked with host Vittorio Bertocci. Identity, Unlocked is the podcast that discusses identity specs and trends from a developer perspective. Identity, Unlocked is powered by Auth0. Vittorio Bertocci is Principal Architect at Auth0 and applies his vast knowledge of the identity industry to Auth0 in all aspects of the company, including internal and external education, product innovation, and customer integration. Prior to Auth0, Bertocci spent 17 years at Microsoft, where he worked on the Azure Active Directory team and focused largely on improving the developer experience. As a published author of four identity books and a highly-trafficked blog: cloudidentity.com, his forward-thinking commentary has enabled him to speak at conferences, such as Identiverse, BUILD, PDC, TechEd, Cloud Identity Summit, and many other industry events around the world.

In this episode, Dr. Daniel Fett, expert cryptographer, returns to the show to discuss the landscape of privacy-preserving measures (such as selective disclosure, zero-knowledge proofs or ZKP, etc.) that are emerging to augment existing technologies and enable new scenarios. The discussion gets very concrete when Daniel describes selective disclosure JWT, or SD-JWT, a new IETF specification he is coauthoring that offers a simple and easy-to-adopt approach to produce JWTs capable of supporting selective disclosure. Here at Identity, Unlocked, we are huge fans of this new specification, and we hope this episode will help you get started!