Basic Applicaion Security Principals - Authentication vs. Authorization

This session would aim to educate developers of the increasing need to make applicaiton secuity a core component of thier design. It would further illustrate the core concepts behind Authentication ('you are who you say you are') and Authorization ('you can only perform the functions/permissions you are allowed to'). Based on these components, it becomes important for developers and application teams to be aware of how these permissions are granted (provisioned) and removed (de-provisioned). Additionally, this session would aim to address the complexities of inter-connected applications whereby AuthN/AuthZ components are shared across or dependancies between applications. Lastly, this session would provide a high-level overview of the complexities with the security, audit (certification/access review), and risk concerns in terms of how AuthN/AuthZ is applied within an application enviornment.