Explore public key caching strategies for token signature validation in this DevSecCon conference talk. Delve into the world of modern access delegation and consumer authentication protocols, focusing on OAuth2 and OpenID Connect. Learn about JSON Web Tokens (JWTs) and their implementation using asymmetric cryptography. Understand the importance of public key verification for token trust and the performance benefits of local key storage and caching. Examine the challenges posed by dynamic key management and the need for cache refreshing when token signing keys are changed. Compare different caching strategies, including "On-Demand Refresh," "Regular Refresh," and "Refresh on Expiry," evaluating their performance and security trade-offs. Gain valuable insights into the benefits and liabilities of each approach, enabling you to make informed decisions about implementing public key caching in your own systems.