Presentation is loading. Please wait.

Presentation is loading. Please wait.

NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions.

Published byClinton Morrison Modified over 8 years ago

Similar presentations

Presentation on theme: "NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions."— Presentation transcript:

1 NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions

2 Does NASA accept OpenID login? Does NASA accept OpenID login and rely on the level of user identity assurance level 0? –NO! But what do they do? For the NEX – NASA EARTH EXCHANGE – they do the following... 2012 (c) Secure Dimensions2NASA NEX & OpenID

3 Go to the NEX homepage If you go https://c3.nasa.gov they require you to login via HTTP BASIC AUTH, using your NEX accounthttps://c3.nasa.gov –=> No username/password = no login If you go https://c3.nasa.gov/nex then you can choose a login methodhttps://c3.nasa.gov/nex –E.g. OpenID as I do not have an account 2012 (c) Secure Dimensions3NASA NEX & OpenID

4 NEX Login No – don‘t have one  Yes – do have one 2012 (c) Secure Dimensions4NASA NEX & OpenID

5 Sign In with your OpenID 2012 (c) Secure Dimensions5NASA NEX & OpenID

6 After Login... Your Browser gets redirected back to ?NASA? Looks like a perfect Phishing Attack to me! 2012 (c) Secure Dimensions6NASA NEX & OpenID

7 After accepting the redirect back to NASA Surprise – You arrive a the „Create New OpenID User“ page 2012 (c) Secure Dimensions7NASA NEX & OpenID

8 What happens next? You need to fill out the form You will receive an email to confirm Your account creation with NASA is then pending... 2012 (c) Secure Dimensions8NASA NEX & OpenID

9 „Conclusions“ from Observation NASA NEX does not allow straight OpenID login! NASA NEX is accepting OpenID login, but only if your identity was checked by NASA before So essentially, NASA has applied their on extra security to lift OpenID identity assurance level 0 to their own level Problem: –You will end up in one NEX account for each of your OpenID accounts –Not interoperable if each „federation“ service provider uses on selection of OpenID providers 2012 (c) Secure Dimensions9NASA NEX & OpenID

10 This fits the SAML2 / OpenID proposal SAML 2 as the standard for exchanging user assertions and establishing identity assurance throught trusted Identity Providers Users from trusted IdPs are directly accepted Users from OpenId IdPs require extra checking Advantage of SAML2 base vs. NASA approach –Not each Service Provider must create accounts themselves – trusted Identity Providers would do that –Guarantee to the user that once accredited at the SAML2 / OpenID IdP, the account would work with all Service Providers and not only NEX from NASA 2012 (c) Secure Dimensions10NASA NEX & OpenID

Download ppt "NASA NEX & OpenID -- Observations -- Andreas Matheus Secure Dimensions."

Similar presentations

1.Click on the Need a login? Click here. link directly beneath the login boxes. 2.Enter your social security number & birth date. When finished, click.

1.Click on the Need a login? Click here. link directly beneath the login boxes. 2.Enter your social security number & birth date. When finished, click.
Dear OpenID Santa This Christmas I wish…. To Accept OpenID Please find a way to allow users to login to clients apps Messenger Phone/apps Allow them to.

Dear OpenID Santa This Christmas I wish…. To Accept OpenID Please find a way to allow users to login to clients apps Messenger Phone/apps Allow them to.
Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).

Smartphone-based authorization system Advisor: Dr. Wenjun Zeng - Professor Presenter: Yilihamujiang, Ailiyasijiang Zhou, Guanlong Al-Sinani, H. S. (2011).
Setting Up Your Facebook Account. Step 1: Ensure you have a valid email account to use for your login. Eg. Hotmail, Gmail, Me etc.

Setting Up Your Facebook Account. Step 1: Ensure you have a valid account to use for your login. Eg. Hotmail, Gmail, Me etc.
Research and Innovation Participant Portal How to register for an ECAS account NEXT.

Research and Innovation Participant Portal How to register for an ECAS account NEXT.
For new coming user, you need to request account before log-in to the system by 1. Go to 2. Click “Register”

For new coming user, you need to request account before log-in to the system by 1. Go to 2. Click “Register”
By: Ansuya Chauhan.

By: Ansuya Chauhan.
U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.

U.S. Environmental Protection Agency Central Data Exchange EPA E-Authentication Pilot NOLA Network Node Workshop February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
© 2010, University of KentPrimeLife Vienna, 10 Sept 20101 CardSpace in the Cloud David Chadwick, George Inman University of Kent.

© 2010, University of KentPrimeLife Vienna, 10 Sept CardSpace in the Cloud David Chadwick, George Inman University of Kent.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
WebFTS as a first WLCG/HEP FIM pilot

WebFTS as a first WLCG/HEP FIM pilot
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 16 Prof. Crista Lopes.

INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 16 Prof. Crista Lopes.
Www.kennisnet.nl Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.

Naam van de Auteur 7 januari 2008 Kennisnet Entree: federated authentication Pieter BruringTechnical Product Manager.
SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.

SAML-based Delegation in Shibboleth Scott Cantor Internet2/The Ohio State University.
IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.

IDENTITY MANAGEMENT Hoang Huu Hanh (PhD), OST – Hue University hanh-at-hueuni.edu.vn.
COIS11011 Resource Package. How can MyITLab help you? Online training resource to improve your skills in Office Applications Online training resource.

COIS11011 Resource Package. How can MyITLab help you? Online training resource to improve your skills in Office Applications Online training resource.
Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Shibboleth-intro-dec051 Shibboleth A Technical Overview Tom Scavo NCSA.

Similar presentations

Ads by Google