Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor. 05/03/2011.


1 Meeting the Privacy Goals of NSTIC in the Short Term. Presentation at the 2011 Internet Identity Workshop. Francisco Corella and Karen P. Lewison, Pomcor.

2 Contents. The following slides illustrate protocol steps described in the white paper “Achieving the Privacy Goals of NSTIC in the Short Term”, available at http://pomcor.com/whitepapers/NSTICWhitePaper.pdf. There are three protocol variations: attribute verification, delegated authorization, and social login.

3 Attribute Verification

4 Step 1 (Attribute Provider, Browser, Relying Party): Attribute request + callback URL.

5 Step 2 (Attribute Provider, Browser, Relying Party): Attribute request + one-time public key. Retains callback URL. Produces one-time key pair, retains one-time private key. User’s long-term TLS certificate.

6 Step 3 (Attribute Provider, Browser, Relying Party): One-time cert binding attribute to one-time public key.

7 Step 4 (Attribute Provider, Browser, Relying Party): Asks user’s permission to pass attribute to relying party.

8 Step 5 (Attribute Provider, Browser, Relying Party): Uses one-time private key in TLS handshake. One-time cert used as TLS client cert. Targets callback URL. Success.
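
Steps 2, 3 and 5 of attribute verification, as an added Go example that is not code from the slides or the white paper: an attribute provider binds one attribute to a freshly generated public key, and the relying party accepts the certificate only if it chains to that provider and is still valid. Assumptions not taken from the slides: Ed25519 keys, the attribute carried in the Subject CN, a 5-minute validity window, the sample attribute `age-over-21`, and the helper names `must`, `issue` and `accept`.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue signs a cert for pub. ca == nil self-signs a constructed AP root; otherwise this is
// step 3: one attribute (assumption: carried in Subject CN) bound to a one-time key for ttl.
func issue(ca *x509.Certificate, caKey ed25519.PrivateKey, pub ed25519.PublicKey, cn string, ttl time.Duration) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(ttl),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if ca == nil {
		ca, t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = t, true, true, x509.KeyUsageCertSign, nil
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, ca, pub, caKey))))
}

// accept is the relying party's step-5 check: the client cert must chain to the AP and be valid at `at`.
func accept(c, ca *x509.Certificate, at time.Time) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := c.Verify(opts); err != nil {
		return "", err
	}
	return c.Subject.CommonName, nil // possession of the one-time private key is proven by the TLS handshake
}

func main() {
	apPub, apKey, _ := ed25519.GenerateKey(nil) // constructed attribute provider (AP) key
	ap := issue(nil, apKey, apPub, "Example AP (constructed)", 24*time.Hour)
	pub, _, _ := ed25519.GenerateKey(nil) // step 2: one-time key pair; private half stays in the browser
	cert := issue(ap, apKey, pub, "age-over-21", 5*time.Minute)
	fmt.Println(accept(cert, ap, time.Now()))
}
```

Calling `accept` with a time one hour later, or with a different provider's root, returns an error instead of the attribute.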

9 Delegated Authorization

10 Step 1 (Site holding user’s account, Browser, Web application): Access request + one-time public key + callback URL.

11 Step 2 (Site holding user’s account, Browser, Web application): Access request + one-time public key. Retains callback URL. User’s long-term TLS certificate.

12 Step 3 (Site holding user’s account, Browser, Web application): One-time cert binding access grant to one-time public key.

13 Step 4 (Site holding user’s account, Browser, Web application): Asks user’s permission to grant access to application.

14 Step 5 (Site holding user’s account, Browser, Web application): One-time cert with access grant. Targets callback URL.

15 Step 6 (Site holding user’s account, Browser, Web application): One-time cert with access grant used as TLS client cert.

16 Social Login. Combines attribute verification and delegated authorization.

17 Step 1 (Attribute Provider, Browser, Web application): Attribute request, access request, app’s one-time public key, callback URL.

18 Step 2 (Attribute Provider, Browser, Web application): User’s long-term TLS certificate. Retains callback URL. Produces browser’s one-time key pair, retaining private key. Attribute request, browser’s one-time public key, access request, app’s one-time public key.

19 Step 3 (Attribute Provider, Browser, Web application): One-time cert binding attribute to browser’s one-time public key + one-time cert binding access grant to app’s one-time public key.

20 Step 4 (Attribute Provider, Browser, Web application): Asks user’s permission to pass attribute and grant access to application.

21 Step 5 (Attribute Provider, Browser, Web application): One-time cert with access grant. Uses one-time private key in TLS handshake. One-time cert with attribute used as TLS client cert. Targets callback URL.

22 Step 6 (Attribute Provider, Browser, Web application): One-time cert with access grant used as TLS client cert.

