Justin Richer

JUSTIN RICHER is a systems architect, software engineer, standards editor, and service designer with over seventeen years of industry experience in a wide variety of domains including internet security, identity, collaboration, usability, and serious games. As an active member of the Internet Engineering Task Force (IETF) and the OpenID Foundation (OIDF), he has directly contributed to a number of foundational security protocols including OAuth 2.0 and OpenID Connect 1.0, and is the editor of several OAuth 2.0 extensions including Dynamic Client Registration (RFC 7591 & RFC 7592) and Token Introspection (RFC 7662). His pioneering work on Vectors of Trust and the third edition of NIST's Digital Identity Guidelines (Special Publication 800-63) has pushed the conversation about what a trusted identity means in an unpredictable landscape. He is the founder and maintainer of the enterprise-focused MITREid Connect open source implementation of OAuth 2.0 and OpenID Connect and has led production deployment of the system at a number of organizations including The MITRE Corporation and the Massachusetts Institute of Technology. An accomplished and confident presenter, he is much sought-after as a plenary and keynote speaker at conferences around the world, addressing audiences of all technical proficiencies. An ardent proponent of open standards and open source, he believes in solving hard problems with the right solution, even if that solution still needs to be invented.

Books by Justin Richer

Understanding API Security

  • February 2017
  • ISBN 9781617294327
  • 205 pages

Gone are the days when it was acceptable for a piece of software to live in its own little silo, disconnected from the outside world. Today, services are expected to be available for programming, mixing, and building into new applications. The web-based Application Programming Interface, or API, is how services make themselves available in this dynamic world. By exposing an API, a service can find new life and utility far beyond what its core functionality was designed for. But these APIs need to be secured and protected in order to be truly useful. An API that's simply left open to everyone, with no security controls, cannot be used to protect personalized or sensitive information, which severely limits its usefulness.

The OAuth delegation and authorization protocol is one of the most popular standards for API security today. Understanding API Security is a selection of chapters from several Manning books that gives you context for how API security works in the real world by showing how APIs are put together and how the OAuth protocol can be used to protect them.

OAuth 2 in Action

  • March 2017
  • ISBN 9781617293276
  • 360 pages
  • printed in black & white
  • Available translations: Japanese, Korean, Simplified Chinese

OAuth 2 in Action teaches you practical use and deployment of OAuth 2 from the perspectives of a client, an authorization server, and a resource server. You'll begin with an overview of OAuth and its components and interactions. Next, you'll get hands-on and build an OAuth client, an authorization server, and a protected resource. Then you'll dig into tokens, dynamic client registration, and more advanced topics. By the end, you'll be able to confidently and securely build and deploy OAuth on both the client and server sides.