research on openid and its integration within the
play

Research on OpenID and its integration within the GravityZoo - PowerPoint PPT Presentation

Aug 10, 2023 •121 likes •268 views

Research on OpenID and its integration within the GravityZoo framework Jarno van de Moosdijk 1/14 Research questions How does OpenID work? What are the requirements for integrating OpenID into the GravityZoo framework? How mobile

  1. Research on OpenID and its integration within the GravityZoo framework Jarno van de Moosdijk 1/14

  2. Research questions • How does OpenID work? • What are the requirements for integrating OpenID into the GravityZoo framework? • How mobile phone friendly are the most popular OpenID Providers? 2/14

  3. GravityZoo: What? Cloud that handles application delivery to devices (SaaS) • ConTaX, MediaZoo • 3/14

  4. OpenID: Basic terminology • End user • Identifier • OpenID Provider (OP) • Relying Party (RP) 4/14

  5. OpenID: end user experience 5/14

  6. OpenID: Redirection No authentication data is transfered directly between RP and OP • Authentication data is transfered through keys appended to the • redirect URL RP never sees the password of the user, only the OP response • https://logmij.in/index.php/serve? openid.assoc_handle =%7BHMAC-SHA1%7D%7B49744372% • 7D%7BMEOX0w%3D%3D%7D& openid.identity =https%3A%2F%2Flogmij.in%2Fals% 2Fjarno& openid.mode =checkid_setup& openid.return_to =http%3A%2F% 2Fopenidenabled.com%2Fresources%2Fopenid-test%2Fdiagnose-server%2FTestCheckidSetup% 2F%3Faction%3Dresponse%26attempt%3D1%26nonce%3DPIX42n6G& openid.trust_root =http% 3A%2F%2Fopenidenabled.com%2Fresources%2Fopenid-test%2Fdiagnose-server% 2FTestCheckidSetup%2F 6/14

  7. OpenID: In depth 7/14

  8. OpenID: In depth 8/14

  9. OpenID: In depth 9/14

  10. GravityZoo: Authentication • Currently only username/password login • Handled by the Authentication and Licensing server role 10/14

  11. OpenID: The requirements • Requirements that have the biggest impact • 1: Association – Internet access needed to create association with the OP – Shared secret key and MAC key need trusted storage • 2: Intercepting the response – Webserver needed to intercept the response of the OP • 3: Authorization – Communication with the ALS needed to handle authorization 11/14

  12. Three scenarios: 1/2 • Everything on a new server role – Secret Keys need to be stored in the trusted part of the cloud – Keys would need to be sent over the network to trusted part – Authorization requests would need to be sent to the ALS – The (web-)server has a direct link to the ALS • Integrate the whole RP role into the GravityZoo ALS – No web-server allowed in the trusted part of the cloud 12/14

  13. Three scenarios: 2/2 • Best of both worlds: • Separate web-server, rest on the GravityZoo ALS – Shared secret keys can be stored in the trusted environment – Web-server act as a forwarder for the authentication response – Authorization can be handled by the ALS in the normal way 13/14

  14. Future Work • Security of OpenID 14/14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID

CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID

CLIENT INITIATED BACKCHANNEL AUTHENTICATION CIBA? CIBA is an authentication flow like OpenID Connect. However, unlike OpenID Connect, there is direct Relying Party to OpenID Provider communication without redirects through the user's browser.

505 views • 17 slides
Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID

Bridging OpenID and SAML 2.0 Andreas kre Solberg andreas@uninett.no Terminology OpenID Terminology OpenID OpenID OpenID Consumer Identity Provider SAML 2.0 Terminology SAML 2.0 SAML 2.0 Service Provider Identity Provider What is

427 views • 16 slides
OpenID Connect fredag 7 september 12 OpenID Connect fredag 7 september 12 Necessity for

OpenID Connect fredag 7 september 12 OpenID Connect fredag 7 september 12 Necessity for

OpenID Connect fredag 7 september 12 OpenID Connect fredag 7 september 12 Necessity for communication - information about the other part fredag 7 september 12 Trust management not solved! fredag 7 september 12 (1) OP discovery The user

254 views • 23 slides
Introduction to OpenID Connect October 23, 2018 Michael B. Jones Identity Standards Architect

Introduction to OpenID Connect October 23, 2018 Michael B. Jones Identity Standards Architect

Introduction to OpenID Connect October 23, 2018 Michael B. Jones Identity Standards Architect Microsoft Working Together OpenID Connect What is OpenID Connect? Simple identity layer on top of OAuth 2.0 Enables RPs to verify identity

831 views • 56 slides
Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers

Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers

Subverting OpenID: Intro to Net::OpenID::Server Subverting OpenID: Intro to Net::OpenID::Server Abram Hindle Kitchener/Waterloo Perl Mongers Canada http://softwareprocess.es/ abram.hindle@softwareprocess.es Abram Hindle 1 Subverting

391 views • 21 slides
OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single identity sign-on provision identity API access federation management The four Connect2id server pillars Based on the latest standards OpenID

580 views • 26 slides
OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm,

Shib Shibbolet oleth Develo Developmen ent a t and Su d Supp pport Services t Services OpenID OpenID and SAML and SAML Fiona Culloch, EDINA Fiona Culloch, EDINA EuroCAMP, Stockholm, 7 May 2008 EuroCAMP, Stockholm, 7 May 2008 Shib

666 views • 20 slides
Towards an OpenID -based solution to the Social Network Interoperability problem M. Mostarda,

Towards an OpenID -based solution to the Social Network Interoperability problem M. Mostarda,

W3C Workshop on the Future of Social Networking, Barcelona January 2009 Towards an OpenID -based solution to the Social Network Interoperability problem M. Mostarda, D. Palmisano, F. Zani, S. Tripodi About Us We are proud member of the W3C

252 views • 21 slides
CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup

CD/MH Integration Workgroup The What and the How of integration CD Integration Workgroup RECOMMENDATIONS TO THE TASK FORCE July 18, 2014 Each Behavioral Health Organization should provide rapid access to the following billable services along a

790 views • 9 slides
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017 - 2017-07-01 Problem -

openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017 - 2017-07-01 Problem -

openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017 - 2017-07-01 Problem - More Client Devices per-Human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs arent fun - Legacy Solutions

788 views • 32 slides
OpenID in domain registry CZ.NIC - http://www.nic.cz Ondrej Filip / ondrej.filip @nic.cz Dec 8

OpenID in domain registry CZ.NIC - http://www.nic.cz Ondrej Filip / ondrej.filip @nic.cz Dec 8

OpenID in domain registry CZ.NIC - http://www.nic.cz Ondrej Filip / ondrej.filip @nic.cz Dec 8 2010, Cartagena, Colombia ccNSO Meeting 1 Everybody experienced this ... 2 3 N O I T A S R S T A S I P G / E E M R A N U .

361 views • 22 slides
Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

Outline Introduction Support technologies Privacy-preserving IDaaS system Conclusions Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services David Nu nez , Isaac Agudo, and Javier Lopez Network,

422 views • 24 slides
OpenID Connect Authentication in iRODS Kyle Ferriter kferriter@renci.org Renaissance Computing

OpenID Connect Authentication in iRODS Kyle Ferriter kferriter@renci.org Renaissance Computing

OpenID Connect Authentication in iRODS Kyle Ferriter kferriter@renci.org Renaissance Computing Institute (RENCI) UNC - Chapel Hill Context and Use Case NIH Data Commons Web application - CommonsShare.org Compute Platform and

318 views • 11 slides
Fediz OIDC CXF Powered OpenId Connect Server Sergey Beryozkin Dr Colm O hEgeartaigh Talend

Fediz OIDC CXF Powered OpenId Connect Server Sergey Beryozkin Dr Colm O hEgeartaigh Talend

Fediz OIDC CXF Powered OpenId Connect Server Sergey Beryozkin Dr Colm O hEgeartaigh Talend Introduction to Apache CXF Production quality framework for creating Java JAX-RS 2.0 and JAX-WS services Widely used and integrated into

1.01k views • 27 slides
Description Logics for Integration Y. Ang elica Ib a nez-Garc a KRDB Research

Description Logics for Integration Y. Ang elica Ib a nez-Garc a KRDB Research

Ontology-based Data Integration Description Logics Description Logic-based Data Integration Discussion Description Logics for Integration Y. Ang elica Ib a nez-Garc a KRDB Research Centre, Faculty of Computer Science Free

668 views • 49 slides
Research Integration Model Codes Looking Forward Integration Bim Ex Plan Research

Research Integration Model Codes Looking Forward Integration Bim Ex Plan Research

BIM Ex Plan Research Integration Model Codes Looking Forward Integration Bim Ex Plan Research Integration Model Codes Looking Forward Integration Bim Ex Plan Research Integration Model BIM Project Execution Codes Looking Forward

720 views • 40 slides
IR Offi IR Office Web Sites: W b Sit Tips and Best Practices Tips and Best Practices Katherine

IR Offi IR Office Web Sites: W b Sit Tips and Best Practices Tips and Best Practices Katherine

IR Offi IR Office Web Sites: W b Sit Tips and Best Practices Tips and Best Practices Katherine McGuire Di Director of Institutional Research t f I tit ti l R h Agnes Scott College Overview I. My perspective on and experiences with

690 views • 55 slides
1 2 1. Employer Search: Allows you to search for a single employer record or multiple

1 2 1. Employer Search: Allows you to search for a single employer record or multiple

This training will cover job matching from the Job Bank Talent Bank. Starting from the Employer Module & comparing specific information between open job orders and customers. 1 2 1. Employer Search: Allows you to search for a

794 views • 67 slides
Q2 2017 Safe Harbor FORWARD-LOOKING STATEMENTS These slides and the accompanying oral

Q2 2017 Safe Harbor FORWARD-LOOKING STATEMENTS These slides and the accompanying oral

Investor Presentation Q2 2017 Safe Harbor FORWARD-LOOKING STATEMENTS These slides and the accompanying oral presentation contain forward looking statements. All statements other than statements of historical facts contained in these slides

406 views • 25 slides
LP C- 0 0 2 S CA L E : NTS 124 W E ST 8 8 TH STR E ET 1 2 4 W E ST 8 8 TH STR E ET 1 2 4 W E

LP C- 0 0 2 S CA L E : NTS 124 W E ST 8 8 TH STR E ET 1 2 4 W E ST 8 8 TH STR E ET 1 2 4 W E

WEST 88 TH STREET TOWNHOUSE L A N D M A R KS P R E S E R VAT I O N C O M M I S S I O N A N D C O M M U N I T Y B OAR D 7 P R E S E NTAT I O N 2017 AUGUST 8 W E ST 8 8TH STR E ET TOW N H O U S E O L I V E R F R E U N D L I C H D E S I G N

492 views • 27 slides
Single-point Webserver COUNTIS E17 - E18 - E27 - E28 Single-point Webserver The products have an

Single-point Webserver COUNTIS E17 - E18 - E27 - E28 Single-point Webserver The products have an

Single-point Webserver COUNTIS E17 - E18 - E27 - E28 Single-point Webserver The products have an Ethernet port with an integrated web server accessible on a standard web browser (Internet Explorer, firefox) Single-point webserver 2

456 views • 14 slides
Measurement Lab @ Supporting Open Internet Research Lai Yi Ohlsen laiyi@measurementlab.net

Measurement Lab @ Supporting Open Internet Research Lai Yi Ohlsen laiyi@measurementlab.net

Measurement Lab @ Supporting Open Internet Research Lai Yi Ohlsen laiyi@measurementlab.net @measurementlab @laiyiohlsen Supporting Partners Our Community @ Companies Journalists Governments & Regulators Academics Experiment

838 views • 46 slides
WG1 Report Technology Development & Assessment WG North-East Asia OSS Promotion Forum

WG1 Report Technology Development & Assessment WG North-East Asia OSS Promotion Forum

WG1 Report Technology Development & Assessment WG North-East Asia OSS Promotion Forum 4/14/2006 Tomomi Suzuki, Japan Wei Chen, China Doosik Park, Korea 1 Agenda 1. Overview of WG1 activities 2. Statement of WG1 in April 13th 3.

295 views • 15 slides
Open Source Tools for Performance Testing and Monitoring Presented by: Kaushal Dalvi Ultimate

Open Source Tools for Performance Testing and Monitoring Presented by: Kaushal Dalvi Ultimate

T22 Performance Testing Thursday, May 3rd, 2018 3:00 PM Open Source Tools for Performance Testing and Monitoring Presented by: Kaushal Dalvi Ultimate Software Brought to you by: 350 Corporate Way, Suite 400, Orange Park, FL 32073 888 --- 268

558 views • 17 slides

More recommend