Speaker

Sam Bellen

Principal Developer Advocate at Auth0

Hasselt, Belgium

I'm a Google Developer Expert who works as a Principal Developer Advocate at Auth0. At Auth0 we're trying to make authentication and identification as easy as possible, while still keeping it secure.

After office hours I like to play around with the web-audio API, and other "exotic" browser APIs. One of my side projects is a library to add audio effects to an audio input using JavaScript.

When I'm not behind a computer, you can find me playing the guitar, having a beer at a concert, or trying to snap the next perfect picture.

Area of Expertise

  • Information & Communications Technology

Topics

  • JavaScript
  • Browser APIs
  • Web
  • Authentication
  • Identity Management
  • Security

Can't Touch This!

Knowing who your authenticated user is and whether they have access to your application is one thing. Figuring out if they should be able to perform a certain action on a specific resource is another. Protecting our data and allowing users to only do what they should be allowed to do can become quite complex as your application grows. Luckily there are multiple authorization approaches available. Wondering what the best solution for your application is? Let’s find out how we can protect our content by using roles and permissions, or attribute-based authorization, all the way to fine-grained authorization looking for relationships between the user, actions and resources.

In this talk we will go over some of the more common authorization approaches, starting with Role-Based Authorization, going to Attribute-Based Authorization and ending up with a fine-grained authorization solution using Relationship-Based Authorization. The audience does not need any specific knowledge about cryptography as this talk will go through the basics. Some programming knowledge can be useful but is not necessary.

Channel your inner rockstar with the web audio API.

The days when you needed a bunch of expensive musical equipment are gone. We all have devices with a web browser which is capable of creating, composing and modulating sound. The web-audio API makes it easier than ever before to create music on the web. It hosts an array of easy to use audio nodes, which take away a part of the hard work, while still allowing the desired flexibility to create the exact sound you’re after.

We're writing code every day as part of our jobs. We do not always have to use those skills to create something useful, but can also do some fun experiments with it. Playing with the web-audio API is a perfect way to improve our programming skills, and have fun at the same time.

You might not need a native app for this!

A lot of developers seem to go to native (mobile) apps to solve complex problems. The web is evolving at a rapid pace, and for a lot of things we don’t need to go the native way anymore. From recording video to speech recognition, connecting to Bluetooth devices to using accelerometer data, modern browsers host a whole set of APIs which help us achieve these things. Knowing some of these APIs exist might speed up the process of moving to a universally accessible web app or PWA in favour of a big native one.

Passwords are so 1990

As long as we’ve been using the internet, and way before that, we have been authenticating through some sort of username and password combination. It has become the standard. With the ever-increasing number of web-apps, we’re seeing more and more data breaches as well. What if we could build our authentication processes in a way the user doesn’t need a password?

In this talk, I will give a quick overview of the past, present, and future of authentication. From basic authentication to passwordless biometric authentication using the web authentication API, and everything in between. The audience does not need any specific knowledge as this talk will not go into implementation details but aims to give a view of what’s to come in terms of authentication.

Why? Authentication is one of the fundamentals of modern applications. We still rely on a system of passwords which has been used since the Roman empire. If we could eliminate the weakest part of the authentication process, the password, we might be able to make it more secure.

No way, JOSE!

Is your first thought when thinking about cryptography, “nope, that’s not for me!”? There’s no need to. When explained with simple examples, you can see the basics are not that complicated. The JavaScript Object Signing and Encryption, or JOSE for short, is a framework that helps us deal with encryption. It describes ways to securely transfer data either signed (JWS) or encrypted (JWE). Let’s take a leap of faith and explore the wonderful world of cryptography together, shall we?

In this talk, I will try to explain the basics of encryption and hashing through simple examples. We’ll look into how the JOSE standard can help us with encrypted content on the web using JSON Web Encryption (JWE) and JSON Web Keys (JWK). The audience does not need any specific knowledge about cryptography as this talk will go through the basics. Some JavaScript knowledge can be useful but not necessary as code examples will be simple and explained.

Why? The times when websites were just simple pieces of information are long gone. These days the web handles more sensitive data than ever before. To securely handle this data, we sometimes need to hash, encrypt or sign it. Sure there are a million tools, libraries and pieces of software that handle this for you, but knowing the basics can certainly come in handy!

Knock knock, who's there? Authenticating your single page apps using JSON Web Tokens.

When it comes to writing code, there’s nothing we take more seriously than authentication and security. Modern single page applications bring along new challenges. By using solutions like the OpenID Connect protocol and JSON Web Tokens we can improve the user experience when authenticating with your apps, providing a seamless authentication process.

In this talk I will try to explain in depth the way JSON Web Tokens work and can be used to secure your single page apps. I will explain the difference between using opaque tokens and JWTs. The talk will also give an overview of a modern authentication flow and a step by step breakdown of how it works exactly. No specific previous knowledge is required, but it helps if the audience has some experience with authenticating users.

The connected web: talk to the devices around you, from the comfort of your browser.

Can you imagine a world where you don’t have to install drivers, or software, just to use that new device you just bought? Can you imagine getting information from your bluetooth devices, straight in the browser? The internet is not an isolated place anymore. We are able to communicate to other devices through a whole variety of methods and connections. From talking to musical instruments through the MIDI protocol, to all sorts of other devices with bluetooth and web USB.

The talk does not require any previous experience except some basic JavaScript knowledge. It will take the audience through a brief history of the ways you can interact with a web-browser using hardware devices. After this introduction, I will demonstrate some of the newer ways to control the web-page with hardware or the other way around. Think web-bluetooth and web-USB. After this talk the audience should have a better view on the capabilities of modern browsers in terms of communicating with hardware.
