Show Me Your Wallet to Tell Me Who You Are - Using Verifiable Credentials with OAuth

A talk given by Daniel Lindau from Curity at Nordic APIs 2024 Platform Summit.

Traditionally, authentication requires an authority, the Identity Provider (IdP) that is more or less involved in every interaction of a user with a (new) application. What is more, the IdP commonly collects and shares personal data about the user with the application. However, the paradigm is about to change with Decentralized Identifiers and Verifiable Credentials emerging, giving users more control over their identity. OAuth is the latest and currently greatest web protocol for authentication and authorization - and it lends itself well to self-sovereign identities. This talk covers: The roles in a decentralized identity system Some use-cases for Verifiable Credentials How the OAuth protocol enables self-sovereign identities

More Live presentations videos

Panel Discussion: API Authorization
OAuth Well Played – Mods and Combos for the Cloud Native API Security Game
Who Needs That FAPI Thing, Anyway?
How to Build a Fortress with the Security of a Tent
The Swedish Chef Would Be Proud: Cooking up a Secure API in Minutes – Instructions Included
Ditch the Browser, Native API-Driven App Authentication with Passkeys
Browserless OAuth Flows in Mobile Apps Using a Hypermedia API
Addressing Top API Security Risks
Decentralized Identities Changes Everything, Even Your APIs
Military-Grade Security for APIs
OAuth and OpenID Connect - What's next?
Curity on ProgrammableWeb's Developers Rock Podcast
OAuth Tokens As Your Identity API
OAuth Claims Ontology: Using Claims in OAuth and How They Relate to Scopes
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
Scalable API Security Using OAuth
Financial Grade APIs Using OAuth and OpenID Connect
Security Is a Concern, Let’s Make It an Enabler
Securing APIs in a Cloud Native Environment Using OAuth
Securing APIs and Microservices with OAuth and OpenID Connect
OAuth and OpenID Connect for PSD2 and Third-Party Access