October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019
Back To Schedule
Wednesday, October 30 • 16:15 - 16:50
Decentralizing OAuth2.0 for a Post-GDPR World - Mehdi Medjaoui, Progressive Identity

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In the classic OAuth 2.0 flows, the authorization server and the resource server are behind the same firewall, giving full power and control about sharing capabilities to the Identity Provider (i.e. Facebook, Amazon, Google etc...).

Because of new regulations about data portability (GDPR in Europe and CCPA in California), now every user is able to ask a full export of its data to be stored anywhere, breaking Identity Provider monopoly and control. In that context, users can now own fully a copy of their data and share it to whom they want. To really decentralize data from permissions, make users in control and companies GDPR compliant, you need now to update OAuth2.0 dance into a stateless flow and tokenize the GDPR permission contract.

In this talk, Mehdi will explain how you can use open source technologies to automate GDPR requests for your users to export 3rd-party data in your system and tokenize your GDPR contract using ALIAS protocol (based on OAuth2.0)

avatar for Mehdi Medjaoui

Mehdi Medjaoui

Automating the world, one API at a time, Progressive Identity
Mehdi is an entrepreneur and API evangelist who believe APIs are the contracts of the programmable world. He is currently the founder of ALIAS.dev, a set of APIs and DevTools to make GDPR and privacy laws programmable. He is also the co-author of Continuous API management 1st ans... Read More →

Wednesday October 30, 2019 16:15 - 16:50 CET
Tête d'Or 2