Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

Prabath Siriwardena | Johann Nallathamby.
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
A SASL and GSS-API Mechanism for OAuth draft-ietf-kitten-sasl-oauth-00 draft-ietf-kitten-sasl-oauth-00 William Mills Tim Showalter Hannes Tschofenig.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.
OAuth option for mHealth Brief Profile Proposal for 2013/14 presented to the IT Infrastructure Planning Committee R Horn (Agfa Healthcare)
SIP OAuth Rifaat Shekh-Yusef IETF 90, SIPCore WG, Toronto, Canada July 21,
2-levels Access control for HTTP binding Group Name: WG4 (& WG2/WG3 for information) Source: Shingo Fujimoto, FUJITSU, Meeting.
Dynamic Symmetric Key Provisioning Protocol (DSKPP) Mingliang Pei Salah Machani IETF68 KeyProv WG Prague.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Otomo End User SSO - TOI March 2014 Otomo 10.5 – End User SSO Support.
Openid Connect
HTTP config.Routes.MapHttpRoute( name: “TodosForTodoList", routeTemplate: "api/todolists/{id}/todos", defaults: new { controller = “todolists”,
M337 Standards Based Video Interop Interoperability modelling for Video Skype for Business Video Interoperability Server (VIS)
IETF #91 OAuth Meeting Derek Atkins Hannes Tschofenig.
Hannes Tschofenig, Blaine Cook. 6/4/2016 IETF #77, SAAG 2 The Problem.
OAuth Use Cases Zachary Zeltsan 31 March Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-01.txt by George Fletcher.
UMA’s relationship to distributed authorization concepts 19 October 2013
Unified Cloud Storage Navneet Joshi, Apoorva Gupta, Gurinder Pal Singh Today there are a number of cloud storage services (Dropbox, Google drive, Box).
Authorisation Jens Jensen, Phil Kershaw (STFC) et al. contrail is co-funded by the EC 7th Framework Programme under Grant Agreement nr contrail-project.eu.
Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.
Web Authorization Protocol (oauth) Hannes Tschofenig.
Justin Richer The MITRE Corporation October 8, 2014 Overview of OAuth 2.0 and Blue Button + REST.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Real-Time Streaming Protocol draft-ietf-mmusic-rfc2326bis-01.txt Magnus Westerlund.
Automate Blue Button Initiative Pull Workgroup Meeting December 13, 2012.
Secure Mobile Development with NetIQ Access Manager
OpenID Connect Working Group May 10, 2016 Mike Jones Identity Standards Architect – Microsoft.
OpenID Certification June 7, 2016 Michael B. Jones Identity Standards Architect – Microsoft.
Web Authorization Protocol WG Hannes Tschofenig, Derek Atkins.
Building Secure Microservices
Dr. Michael B. Jones Identity Standards Architect at Microsoft
4/18/2018 1:15 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN.
Azure Identity Premier Fast Start
OAuth 2.0 Improvements Losing Half a Leg.
Hannes Tschofenig, Derek Atkins
OGSA-WG Basic Profile Session #1 Security
OAuth2 WG User Authentication for Clients
Chairs: Derek Atkins and Hannes Tschofenig
TrueNTH OAuth Role Based Permission System Victor de Lima Soares
OAuth Assertion Documents
Agenda OAuth WG IETF 87 July, 2013.
Addressing the Beast: Single Sign-On II
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
Device Flow <draft-ietf-oauth-device-flow-03>
Dominik Pinter, CMS.IO, Authentication Dominik Pinter,
OpenID Enhanced Authentication Profile (EAP) Working Group
CDS Hooks HL7 WGM Jan 2018 CDS Working Group Tuesday, January 30, 2018
OpenID Connect Working Group
IOS SDK v1.0 with NAM 4.2.
Introduction to the FAPI Read & Write OAuth Profile
OpenID Connect Working Group
A few recent days in the news…
SharePoint Online Authentication Patterns
Office 365 Development.
SMART on FHIR for managed authorised access to medical records
Token-based Authentication
OpenID Enhanced Authentication Profile (EAP) Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
Computer Network Information Center, Chinese Academy of Sciences
Push-Based SET Token Delivery Using HTTP
Authentication and Authorization for Constrained Environments (ACE)
Web Authorization Protocol (OAuth)
OpenID Connect Working Group
OpenID Enhanced Authentication Profile (EAP) Working Group
HIP – FAS flows addendum to the OIDC integration guide for eBox HIPs.
Presentation transcript:

Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86

Data Gathered to Date Data characterizing 9 implementations – With more to follow 191 characteristics of implementations collected Covering: – RFC 6749 (OAuth Authorization Framework) – RFC 6750 (OAuth Bearer Token Usage) – draft-ietf-oauth-saml2-bearer – draft-ietf-oauth-jwt-bearer – oauth-v2-multiple-response-types-1_0 – Scopes defined by openid-connect-messages-1_0

All the specs are being used But they are being used differently Differences include: – Client types supported – Grant types used – Whether scopes are static values or structured – Whether access tokens are opaque or structured – Whether refresh tokens are supported Which extension points are used and how

Use of Extension Points is the Norm Extension points used include: – Scope values – Grant types – Response types – Request parameters (authorization & token) – Response parameters (authorization & token) – Protocol endpoints – HTTP authentication schemes

Interoperability is Being Achieved To achieve interop, implementations use common profiles Two profiles evident: – OpenID Connect profile of OAuth 2.0 – OpenESPI - Smart Grid profile There may have been others Others were just building framework code – With interop achievable by applications using it

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.