Rob Nichols

Rob has been using Ruby since 2005 and co-authored the book “Ruby on Rails Enterprise Application Development: Plan, Program, Extend” in 2007. He is now a contract Ruby developer and has worked for BBC, Marks and Spencer, The Environment Agency, Warwickshire County Council (WCC), Bodleian Library and a number of smaller organisations. He also has a beard.

Authentication: How much do you care, how much do they?

As we move on from simple email address/password authentication, how do we integrate our local systems with centralized authentication gateways? How do we maintain our users’ security and trust? The solutions involve:

  • Use standards-based, widely used systems: OAuth2, SAML, OpenID Connect
  • Keep things simple and limit customization - if there is an out-of-the-box solution, use it.
  • Ensure interfaces look and behave the way users expect them to.
  • Limit the data gathered and saved through authentication.
  • Clarify to the user what data is being gathered, from whom, and for what purpose.
  • Use user data in a way that keeps it safe: Don’t display it in full on the page.
  • Do not give users more access than they need: Do you want a new user to be automatically registered?
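The last four points (limit the data gathered, say what is gathered, never show it in full, and don't hand out access by default) can be enforced in the small piece of code that sits between the identity provider's callback and your own user store. The following is an added illustration, not code from the talk or from any library it mentions: it assumes the ID token claims have already been verified by your OpenID Connect library, uses a plain hash as a stand-in for the users table, and the class and method names (`AuthGateway`, `sign_in`, `mask_email`, `consent_summary`) are hypothetical.

```ruby
# Only the claims we actually need are kept; everything else the
# provider sends (phone, address, picture, ...) is dropped on arrival.
ALLOWED_CLAIMS = %w[sub email name].freeze

# Hide most of an address for on-page display: "rob@example.com" -> "r***@example.com".
def mask_email(email)
  return nil if email.nil? || email.empty?
  local, domain = email.split('@', 2)
  return '***' if domain.nil? || local.empty?
  "#{local[0]}***@#{domain}"
end

# Text shown on the consent/login screen so the user knows what is gathered,
# from whom, and why (hypothetical wording).
def consent_summary(provider)
  "We receive #{ALLOWED_CLAIMS.join(', ')} from #{provider} to sign you in; nothing else is stored."
end

class AuthGateway
  # users: hash of provider subject id => stored user record (stand-in for a DB table)
  # auto_register: whether an unknown but authenticated identity becomes a user
  def initialize(users:, auto_register: false)
    @users = users
    @auto_register = auto_register
  end

  # claims: verified ID token claims (verification is assumed to have happened upstream).
  # Returns a small result hash the controller can act on.
  def sign_in(claims)
    raise ArgumentError, 'claims must include sub' unless claims['sub']

    data = claims.slice(*ALLOWED_CLAIMS) # limit the data gathered and saved
    user = @users[data['sub']]

    if user.nil?
      # Authenticated with the provider is not the same as authorised here.
      return { status: :not_registered } unless @auto_register

      user = @users[data['sub']] = data
    end

    { status: :ok, user: user, display_email: mask_email(user['email']) }
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: one pre-existing user, then a sign-in carrying an extra claim.
  users = { 'idp|1' => { 'sub' => 'idp|1', 'email' => 'rob@example.com', 'name' => 'Rob' } }
  gw = AuthGateway.new(users: users)
  puts consent_summary('ExampleIdP')
  p gw.sign_in('sub' => 'idp|1', 'email' => 'rob@example.com', 'phone_number' => '0123')
  p gw.sign_in('sub' => 'idp|2', 'email' => 'new@example.com')
end
```

The `auto_register` flag defaults to off, so a new identity from the provider gets `:not_registered` and an explicit enrolment step, rather than an account; turning it on is a deliberate choice the code makes visible.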