Why OpenID Connect is More Secure then Certificates - Marc Boorshtein, Tremolo Security, Inc.
Abstract
Most user’s first experience accessing a cluster usually involves a certificate. It’s one of the most secure ways to authenticate a user, when done properly. It’s not nearly as secure as OpenID Connect for your clusters. In this session you will learn why certificate authentication is a bad idea for your users accessing your clusters and why you should be using OpenID Connect. In addition to showing why OpenID Connect is the more secure method for accessing your clusters, the session will detail the OpenID Connect threat model and how to mitigate it. The session will also contrast this model with certificates and show how it’s nearly impossible to create an authentication system with certificates as secure as one protected with OpenID Connect. There will also be a chance for those attending to try to take over an OpenID Connect protected cluster!