Hannes Tschofenig (IETF#79, SAAG, Beijing)

Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation. 6/1/2015IETF #79, OAuth Overview, SAAG Meeting, Beijing 2

6/1/2015IETF #79, OAuth Overview, SAAG Meeting, Beijing 3 The Problem: Secure Data Sharing

6/1/2015IETF #79, OAuth Overview, SAAG Meeting, Beijing 4

6/1/2015IETF #79, OAuth Overview, SAAG Meeting, Beijing 5 Example OAuth Exchange

6/1/20156IETF #79, OAuth Overview, SAAG Meeting, Beijing User Enters a URL In the web browser

6/1/20157IETF #79, OAuth Overview, SAAG Meeting, Beijing Browser opens URL

6/1/20158IETF #79, OAuth Overview, SAAG Meeting, Beijing User is presented With the option to access remote (but protected) data

6/1/20159IETF #79, OAuth Overview, SAAG Meeting, Beijing Resource Consumer Redirects to Authorization Server

6/1/201510IETF #79, OAuth Overview, SAAG Meeting, Beijing User authentication takes place

6/1/201511IETF #79, OAuth Overview, SAAG Meeting, Beijing User authorizes data exchange

6/1/201512IETF #79, OAuth Overview, SAAG Meeting, Beijing Authorization Granted Redirect from Authz Server back to Resource Consumer

6/1/201513IETF #79, OAuth Overview, SAAG Meeting, Beijing Resource Consumer Requests Token from Authorization Server For Access to the Resource Server

6/1/201514IETF #79, OAuth Overview, SAAG Meeting, Beijing Resource Consumer Receives Token

6/1/201515IETF #79, OAuth Overview, SAAG Meeting, Beijing Resource Consumer Requests access to Data at the Resource Server

6/1/201516IETF #79, OAuth Overview, SAAG Meeting, Beijing Data exchange takes place

OAuth Profiles Token Request Work Scope User User Agent Authorization Server Resource Server Resource Consumer Access Request (incl. Token) Authorization Request 6/1/201517IETF #79, OAuth Overview, SAAG Meeting, Beijing User Interface Token Format And Content Authz Server Interaction Data ExchangeAuthentication Request Security Token Request/ Response Exchange

Summary Open Web Authentication (OAuth) is developed in the IETF to provide delegated authentication. Code available (see and deployment on the way. Working group is working on finalizing the OAuth 2.0 specification: – Rechartering discussion started with many extensions being considered by the group Your input is needed! 6/1/2015IETF #79, OAuth Overview, SAAG Meeting, Beijing 18