Full Stack Engineering: Identity, Access, and Zero Trust
A standalone workshop on the identity layer of modern systems — the
cryptographic substrate that secures every API call, every
service-to-service connection, and every user session. We'll cover
OAuth 2.0 and OpenID Connect in depth, JWT pitfalls that have caused
real production breaches, modern session security with DPoP and
sender-constrained tokens, passkeys and WebAuthn, service-to-service
authentication patterns, and authorization beyond simple
role-checking. Two short hands-on exercises, several real breach case
studies, and a focus on the misconfigurations that actually cause
incidents.
This workshop is for backend and full-stack developers who write code that handles tokens,
architects designing how services authenticate each other, and
security engineers who review the above. You should be comfortable
with HTTP and basic cryptographic vocabulary (public/private key,
signature, hash). You don't need prior OAuth experience — the
workshop explains everything before using it. Anyone whose response
to “explain OAuth flows” is “I always have to look it up” will get a
lot out of this.
About Brian Sletten
Brian Sletten is a liberal arts-educated software engineer with a focus on forward-leaning technologies. His experience has spanned many industries including retail, banking, online games, defense, finance, hospitality and health care. He has a B.S. in Computer Science from the College of William and Mary and lives in Auburn, CA. He focuses on web architecture, resource-oriented computing, social networking, the Semantic Web, AI/ML, data science, 3D graphics, visualization, scalable systems, security consulting and other technologies of the late 20th and early 21st Centuries. He is also a rabid reader, devoted foodie and has excellent taste in music. If pressed, he might tell you about his International Pop Recording career.