Dasith Wijesiriwardena

Information & Communications Technology

Software Design, Software Development, Software Architecture, .net core, Event Sourcing, Domain Driven Design

Melbourne, Victoria, Australia

Modern Authentication 101

There has never been more emphasis on security than in the modern environment of distributed computing and increased sharing of data. Our data no longer sits inside silos consumed by a single application. In this context, modern distributed applications need to securely access protected resources without having to share passwords. We need scalable solutions that work with things like single page applications. We will dive in and explore terms like `OAuth`, `OpenIdConnect` and `JWT` and how they relate to authentication and authorisation. This presentation hopes to give you a good understanding of what, where and how to get started with the modern approaches to authentication.

In my experience, most software developers don't have a good understanding of why protocols like OAuth and OpenIdConnect exist, what type of problems they solve, and what flow to pick to solve their problems. Most of all, they lack the knowledge of the compromises they make when they choose an authentication flow. Because these authentication flows are abstracted away in most implementations, novice developers don't get exposed to the nuts and bolts. There are more and more compromises that happen because someone doesn't follow the security best practice or picks the wrong tool for the job. My motivation is to transfer some of my knowledge to young developers so they make an informed choice when the opportunity presents itself.

Dasith Wijesiriwardena

Senior Software Engineer @ Microsoft

Dasith is a polyglot software engineer with a distributed systems focus, a keen problem solver and an improving cricketer. He's got close to 2 decades of experience designing and building software solutions and loves all things technology. After leading the development of an ERP solution for the construction industry and working on trade printing software for a while, he worked as a lead consultant for Readify and currently practices his trade as a Software Engineer for Microsoft, working in the Commercial Software Engineering team. As a developer/consultant over the last few years, he's worked on a broad technology stack which consists of all things from Serverless to IoT. He is a recovering competitive FPS gamer who still talks about things like mouse sensitivity and ping over a frothy beverage.
