Rob has been using Ruby since 2005 and co-authored the book “Ruby on Rails Enterprise Application Development: Plan, Program, Extend” in 2007. He is now a contract Ruby developer and has worked for BBC, Marks and Spencer, The Environment Agency, Warwickshire County Council (WCC), Bodleian Library and a number of smaller organisations. He also has a beard.
Authentication: How much do you care, how much do they?
As we move on from simple email address/password authentication, how do we integrate our local systems with centralized authentication gateways? How do we maintain our users’ security and trust? The solutions involve:
- Use standards based, widely used, systems: OUATH2, SAML, OpenID Connect
- Keep things simple and limit customization - if there is an out-of-the-box solution use that.
- Ensure interfaces look and behave the way users expect them to.
- Limit the data gathered and saved through authentication.
- Clarify to the user what data is being gathered, from whom, and for what purpose.
- Use user data in a way that keeps it safe: Don’t display it in full on the page.
- Do not give users more access than they need: Do you want a new user to be automatically registered?