oauth 2 0 authorization server discovery metadata
play

OAuth 2.0 Authorization Server Discovery Metadata - PowerPoint PPT Presentation

Jul 20, 2023 •330 likes •423 views

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

  1. * OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1

  2. Document Status  Current draft addresses WGLC feedback See https://tools.ietf.org/html/draft-ietf-oauth-discovery-  02#appendix-B for specific changes made (obviously other than the “don’t do this work” feedback)  2

  3. Use Cases Covered (1)  OAuth 2.0 client configuration  Provides data needed to configure a client to use an authorization server in a standard format  Superior to publishing the same data on developer Web pages in an ad-hoc manner  AS configuration validation  Clients can validate issuer returned per draft-ietf- oauth-mix-up-mitigation with metadata issuer  Clients can validate AS metadata obtained at configuration time against AS metadata obtained at runtime 3

  4. Use Cases Covered (2)  Authorization Server Discovery Result  The AS Discovery Metadata document is the result of AS discovery processes, such as WebFinger lookup of the AS  AS Metadata Registry enables extensibility  Enables publication of application-specific metadata about the authorization server  For example, publication of resource server info when RS controlled by the authorization server 4

  5. Implementation Status  Several OAuth clients using for configuration  E.g., Microsoft ADAL OAuth client, RoHe client  All OpenID Connect Discovery implementations use this AS metadata format  E.g. 23 implementations using this metadata format listed at http://openid.net/certification/ 5

  6. Next Step for Spec: Request Publication  Why?  Standardize existing practice for AS metadata  Enables AS configuration to be validated at runtime for mix-up mitigation  But what if we haven’t thought of everything?  The registry enables extensibility  But what about solving discovery all-up?  The AS metadata format is stable and any AS discovery solutions developed will use it 6

  7. OAuth Discovery Landscape and Use Cases  Discussing, agreeing on Discovery use cases is likely the most productive WG next step  In one common use case, AS controls single RS – as in OpenID Connect use case  Phil, Tony leading discussion on use case in which client knows both intended RS & AS  Many other use cases already implemented  Hopefully understanding diverse OAuth Discovery use cases will result in new widely applicable consensus Discovery solutions 7

  8. Next steps towards deeper OAuth Discovery  Determine use cases we want to enable  Evaluate possible solutions  Create additional discovery specifications standardizing those solutions 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single identity sign-on provision identity API access federation management The four Connect2id server pillars Based on the latest standards OpenID

580 views • 26 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

1.11k views • 18 slides
An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. OAuth 2.0 Definition Why is this relevant for IXP operators? OAuth 2.0 Roles The resource owner is the user - you

523 views • 29 slides
A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle University, UK HANNES TSCHOFENIG, Arm Limited, UK As our daily lives become ever more connected, the need for security becomes more important. This

164 views • 13 slides
Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106, 21.11.2019, Singapore Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, Torsten Lodderstedt { "userinfo":{

340 views • 16 slides
The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700 institutions worldwide expose metadata via the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH) using open standards like URI, HTTP ,

224 views • 19 slides
DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery

DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery

DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery Prague, July 2017 M. Boucadair (Orange) T. Reddy (McAfee) P. Patil (Cisco) 1 Context & Motivation A DOTS client needs to learn the IP

306 views • 14 slides
Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What

Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What

Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What Publishers Need to Know #BICBreakfast Kindly sponsored by What is a BIC Breakfast? BIC Committees Digital Supply Chain Libraries Metadata Physical

1.07k views • 82 slides
Discovery mechanisms Retrieving the domain name DHCP IP

Discovery mechanisms Retrieving the domain name DHCP IP

TURN Server Auto Discovery dra5-pa8l-tram-turn-serv-disc-01 Prashanth Pa)l, Tiru Reddy, Dan Wing IETF-90 TURN Server Auto Discovery

356 views • 12 slides
Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis

Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis

Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis Scientific Computing Department of Informatics University of Hamburg 9th Parallel Data Storage Workshop Motivation Motivation Metadata performance can be

274 views • 26 slides
Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

357 views • 33 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto

& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto

& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto authentication standard & & Exploit server Play store fake install/comments Ads injection Repacked (non-google) app Registration

717 views • 55 slides
Architects Guide to Impact 2010 Scalable Connectivity Marc-Thomas Schmidt Distinguished

Architects Guide to Impact 2010 Scalable Connectivity Marc-Thomas Schmidt Distinguished

Todays Agenda Architects Guide to Impact 2010 Scalable Connectivity Marc-Thomas Schmidt Distinguished Engineer IBM Chief Architect SOA Connectivity Connectivity Issues Effect Business Outcomes Cost Optimization Agility to slash

249 views • 21 slides
Total Latency in Singleton Congestion Games Price of Anarchy Martin Gairing 1 Florian Schoppmann 2

Total Latency in Singleton Congestion Games Price of Anarchy Martin Gairing 1 Florian Schoppmann 2

Introduction Unrestricted Restricted Conclusion Total Latency in Singleton Congestion Games Price of Anarchy Martin Gairing 1 Florian Schoppmann 2 1 International Computer Science Institute, Berkeley, CA, USA 2 International Graduate School

663 views • 27 slides
VITALAS at TRECVID 2009 Studying User Search Behavior with a Video Retrieval System Henning Rode,

VITALAS at TRECVID 2009 Studying User Search Behavior with a Video Retrieval System Henning Rode,

VITALAS at TRECVID 2009 Studying User Search Behavior with a Video Retrieval System Henning Rode, Theodora Tsikrika, Arjen de Vries CWI Amsterdam The Netherlands VITALAS Project 16th November 2009 H.Rode et al. (CWI) VITALAS at TRECVID

248 views • 24 slides
Why Columbus Wasnt Chinese Emperor Yongle 1403-24 Malacca With the virtue of a sage and

Why Columbus Wasnt Chinese Emperor Yongle 1403-24 Malacca With the virtue of a sage and

Why Columbus Wasnt Chinese Emperor Yongle 1403-24 Malacca With the virtue of a sage and placed in the seat of a sage, [my father, Emperor Hung- wu] had a controlling power over Heaven, Earth, and Man, thus harmonizing yin and yang and

409 views • 13 slides
The dispersive optical model as an interface between FRIB ab initio calculations and experiment

The dispersive optical model as an interface between FRIB ab initio calculations and experiment

The dispersive optical model as an interface between FRIB ab initio calculations and experiment 6/20/2018 Motivation Greens functions/propagator method W i m D i c k h o vehicle for ab initio calculations > matter f

615 views • 48 slides
PTO Meeting/PTO Hosts PTO Meeting/PTO Hosts Six Standards of Effective Six Standards of

PTO Meeting/PTO Hosts PTO Meeting/PTO Hosts Six Standards of Effective Six Standards of

10/4/2018 PTO Meeting/PTO Hosts PTO Meeting/PTO Hosts Six Standards of Effective Six Standards of Effective Pedagogy Pedagogy PTO Meeting: White Oak PTO PTO Meeting: White Oak PTO PTO Hosts Presentation by: Sarah Van Duzer and

551 views • 12 slides
Few-Body Physics with Relation to Neutrinos Saori Pastore HUGS Summer School Jefferson Lab -

Few-Body Physics with Relation to Neutrinos Saori Pastore HUGS Summer School Jefferson Lab -

Few-Body Physics with Relation to Neutrinos Saori Pastore HUGS Summer School Jefferson Lab - Newport News VA, June 2018 bla Thanks to the Organizers 1 / 78 Neutrinos (Fundamental Symmetries) and Nuclei Topics (5 hours) * Nuclear Theory for

1.02k views • 78 slides
Fermionic functional renormalization group for first-order phase transitions A mean-field model

Fermionic functional renormalization group for first-order phase transitions A mean-field model

Fermionic functional renormalization group for first-order phase transitions A mean-field model Roland Gersch, Julius Reiss, Carsten Honerkamp Dept. Metzner, MPI for Solid State Research, Stuttgart Dresden, 27.02.2007 Fermionic functional

623 views • 12 slides

More recommend