Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.

Published byBlake Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication."— Presentation transcript:

1 Identity Management Hannes Tschofenig

2 Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication protocol. – Works with any user authentication protocol (e.g., OATH, FIDO, W3C CryptoAPI, etc.)OATHFIDO – Federated login possible with OpenID ConnectOpenID Connect OAuth is widely used on the Internet. – Example: Salesforce, Google, MSFT Azure, Deutsche Telekom, GSMA mobile connect (Orange, Telekom Italia)

3 $ Identity: Any subset of an individual's attributes, including names, that identifies the individual within a given context. Individuals usually have multiple identities for use in different contexts. (RFC 6973)

4 Players Courtesy to Justin Richer for the figure. Token

5

6 Players: “Payment Terminology” Courtesy to Justin Richer for the figure. Merchant Customer Payment Infrastructure Token

7 Layering Payment on Top of Identity Infrastructure?

8 Insights we gained It works and is deployed. – Even password sharing practice has been significantly decreased. High interest to be the identity provider but not necessarily relying party. Incentivizing the issuance of strong credentials (i.e., stronger than passwords) is difficult. Design for a distributed mechanism can still lead to silos. Some companies use the standardized OAuth/OpenID Connect but add extensions that make their solution non- interoperable. – Lack of understanding? Mistake? Intention?

9 Insights we gained, cont. Relationship between relying party and identity provider is more than just technology. – Influenced by business agreements and legal frameworks  OIXOIX Security guidance we provide in our specifications (e.g., RFC 6819) is sometimes “kindly ignored”. Privacy: – Consent mechanism lead to better privacy. – Relying parties still ask for too much but this is a deployment choice rather than something a standard can dictate. – Choice offered is often limited  “take it or leave it”

10 More Info? OpenID Connect might be a good platform for a payment protocol. OpenID Connect Look at IETF OAuth working group for core specifications.IETF OAuth working group OAuth Tutorial: – Slides Slides – Recording (Might require to download a Cisco Webex ARF player at http://www.webex.com/go/down_player_win_arf) Recording http://www.webex.com/go/down_player_win_arf

Download ppt "Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication."

Similar presentations

WP8 Security and Privacy Identity Management 15. November 2012 Wolfgang Steigerwald (DT) Robert Seidl (NSN)

WP8 Security and Privacy Identity Management 15. November 2012 Wolfgang Steigerwald (DT) Robert Seidl (NSN)
7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.

7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).

Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.

Don’t Let Anybody Slip into Your Network! Using the Login People Multi-Factor Authentication Server Means No Tokens, No OTP, No SMS, No Certificates MICROSOFT.
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Www.incommon.org A View into the Mi$t 1 RL Bob Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.

A View into the Mi$t 1 RL "Bob" Morgan University of Washington Co-chair, InCommon Technical Advisory Committee.
10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.

10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.
SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.

SKS – Secure Key Store KeyGen2 –Token Provisioning Protocol Executive Level Presentation.
1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…

1 Higgins 1: a species of Tasmanian long-tailed mouse 2: the name of an open source collaboration of IBM, Novell, Oracle, Parity…
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.

Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.

Hannes Tschofenig MIT CFP Privacy & Security Working Group Feb. 2 nd 2011.
Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.

Identity, Spheres and Privacy Rules Henning Schulzrinne (with Hannes Tschofenig and Richard Barnes) Workshop on Identity, Information and Context October.
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.

OAuth/UMA for ACE 24 th March 2015 draft-maler-ace-oauth-uma-00.txt Eve Maler, Erik Wahlström, Samuel Erdtman, Hannes Tschofenig.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
1 Confidential Authentication Session Hannes Tschofenig.

1 Confidential Authentication Session Hannes Tschofenig.
SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13, 2014 1.

SIP Authorization Framework Use Cases Rifaat Shekh-Yusef, Jon Peterson IETF 91, SIPCore WG Honolulu, Hawaii, USA November 13,
Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n. 306819.

Co-ordination & Harmonisation of Advanced e-Infrastructures for Research and Education Data Sharing Research Infrastructures Grant Agreement n
The Cloud Identity Security Leader. © 2012 Ping Identity Corporation Nair the twain shall meet Enterprise Social Mobile.

The Cloud Identity Security Leader. © 2012 Ping Identity Corporation Nair the twain shall meet Enterprise Social Mobile.
UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

UMA Could I Manage My Own Data. Please?. Agenda Business Trends & Technical Solutions Distributed Business (Decentralisation) Mobility & Automation Delegation.

Similar presentations

Ads by Google