Presentation is loading. Please wait.

Presentation is loading. Please wait.

OAuth Use Cases Zachary Zeltsan 31 March 2011. 2 Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-01.txt by George Fletcher.

Published byCory Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "OAuth Use Cases Zachary Zeltsan 31 March 2011. 2 Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-01.txt by George Fletcher."— Presentation transcript:

1 OAuth Use Cases Zachary Zeltsan 31 March 2011

2 2 Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-01.txt by George Fletcher [gffletch@aol.com], Torsten Lodderstedt [torsten@lodderstedt.net], and Zachary Zeltsan [zachary.zeltsan@alcatel-lucent.com] )  Template for a use case  Overall list  Cases supported in OAuth 2.0  Cases not supported in OAuth 2.0 Relations to other organizations  WAC  Kantara (UMA) Proposal

3 3 Why use cases? The question “what is the use case?” has been mentioned on the list over 100 times since the beginning of the group. We need to understand the high-level view of the function why a certain protocol feature is there (and this is easy to forget!) the relation of the low level detail to the original concept and need We need to explain to a broader community what we want to achieve Development of a draft on the use cases was requested (suggested?) by Peter at the OAuth meeting at the IETF 77

4 4 Overall list Web server User-agent In-App-Payment (based on Native Application) Mobile App Device Client password credentials Assertion Content manager Access token exchange Multiple access tokens Gateway for browser-based VoIP applets Signed Messages Signature with asymmetric secret Template for a use case:  Description  Pre-conditions  Post-conditions  Requirements

5 5 Cases supported in OAuth 2.0 Authorization code Web server Implicit grant User-agent Mobile App (as a native application) In-App-Payment (Native app. with additional requirements) Client credentials Client password credentials Extensions Assertion Resource owner password credentials Mobile App (as a native application)

6 6 Cases not supported in OAuth 2.0 Content manager (requires re-delegation) Access token exchange (requires issuance of the multiple access tokens; e.g., one to the client for access to resource server 1, another to the resource server 1 for access to resource server 2) Multiple access tokens (requires issuance of the multiple access tokens for access to several resource servers by the client) Gateway for browser-based VoIP applets (requires adaptation of OAuth for SIP) Signed messages (requires signatures that allow to verify that an access token was issued by an application A to an application B with the owner’s authorization) Device (requires display of URL of the Authorization Endpoint and Authorization Code in a user-friendly format) Signature with asymmetric secret (relies on the use of asymmetric cryptography)

7 7 Relations to other organizations Wholesale Application Community (WAC) The In-App-Payment (based on Native Application) use case has been approved by WAC Kantara initiative, User-Managed Access (UMA) use cases The use cases have not had a significant consideration

8 8 Proposal (Try to) adhere to top-down design, preferably driven by use cases Maintain the use case list and publish as Informational RFC to accompany each protocol release

Download ppt "OAuth Use Cases Zachary Zeltsan 31 March 2011. 2 Outline Why use cases? Present set in the draft draft-zeltsan-oauth-use-cases-01.txt by George Fletcher."

Similar presentations

Presence, Security and Privacy. www.dynamicsoft.com VON 3.20. 01 The Current Environment Many Faces of Security Authentication Verify someone is who they.

Presence, Security and Privacy. VON The Current Environment Many Faces of Security Authentication Verify someone is who they.
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
FI-WARE Testbed Access Control temporary solution.

FI-WARE Testbed Access Control temporary solution.
© 2014 The MITRE Corporation. All rights reserved. Mark Russell OAuth and OpenID Connect Risks and Vulnerabilities 12/3/2014 Approved for Public Release;

© 2014 The MITRE Corporation. All rights reserved. Mark Russell OAuth and OpenID Connect Risks and Vulnerabilities 12/3/2014 Approved for Public Release;
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.

Key Provisioning Use Cases and Requirements 67 th IETF KeyProv BOF – San Diego Mingliang Pei 11/09/2006.
Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).

Hannes Tschofenig, Blaine Cook (IETF#79, Beijing).
Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.

Hannes Tschofenig (IETF#79, SAAG, Beijing). Acknowledgements I would like to thank to Pasi Eronen. I am re- using some of his slides in this presentation.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.

9,825,461,087,64 10,91 6,00 0,00 8,00 SIP Identity Usage in Enterprise Scenarios IETF #64 Vancouver, 11/2005 draft-fries-sipping-identity-enterprise-scenario-01.txt.
An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.

An Introduction to Security Concepts and Public Key Infrastructure (PKI) Mary Thompson.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by the National Science.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.

OpenID And the Future of Digital Identity Alicia Bozyk April 1, 2008.
ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23, 2014 1.

ACE – Design Considerations Corinna Schmitt IETF ACE WG meeting July 23,
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.

1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.

Esri UC2013. Technical Workshop. Technical Workshop 2013 Esri International User Conference July 8–12, 2013 | San Diego, California Building Secure Applications.
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Practical Steps to Secure your APIs for Mobile Mark O’Neill VP Innovation, Axway.

Practical Steps to Secure your APIs for Mobile Mark O’Neill VP Innovation, Axway.
OAuth 2.0 in Depth By Rohit Ghatol SynerzipSynerzip Passionate about TechNextTechNext.

OAuth 2.0 in Depth By Rohit Ghatol SynerzipSynerzip Passionate about TechNextTechNext.

Similar presentations

Ads by Google