signing http requests and responses
play

Signing HTTP Requests and Responses Dave Tonge, OAuth Security - PowerPoint PPT Presentation

Aug 14, 2022 •308 likes •369 views

Signing HTTP Requests and Responses Dave Tonge, OAuth Security Workshop 2019 Use case: Non-repudiation for backend JSON API calls Example 1: A payment request sent as a JSON payload to an API endpoint Example 2: A JSON API response from

  1. Signing HTTP Requests and Responses Dave Tonge, OAuth Security Workshop 2019

  2. Use case: Non-repudiation for backend JSON API calls

  3. Example 1: A payment request sent as a JSON payload to an API endpoint Example 2: A JSON API response from a bank containing the financial information.

  4. 1. Just use a JWT (maybe with content-negotiation) 2. Detached JWT (RFC7515 appendix-F) 3. Detached JWT unencoded payload (RFC7797) 4. Unencoded JWS JSON Serialization (RFC7797) 5. Draft-Cavage-HTTP-Signing combined with RFC7235 (Auth header) and RFC3230 (Digests) 6. JSON Canonicalisation + SHREQ

  5. Scheme Self- Human Deals with Deals with Uses JOSE Contrained Readable accidental body accidental corruption header corruption JWT Detached JWT Detached Unencoded Unencoded JSON Serialisation Draft Cavage JCS + SHREQ

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ruby on Rails SWEN 250 Personal Software Engineering How Websites Work Browsers send HTTP

Ruby on Rails SWEN 250 Personal Software Engineering How Websites Work Browsers send HTTP

Web Applications & Ruby on Rails SWEN 250 Personal Software Engineering How Websites Work Browsers send HTTP requests to a Server Servers send back HTTP responses HTTP requests & responses are newline-delimited strings with:

447 views • 9 slides
Introduction to Web built on a two-tier client/server system Requests and responses through

Introduction to Web built on a two-tier client/server system Requests and responses through

Introduction to Web built on a two-tier client/server system Requests and responses through which a Web browser and Web server communicate happen with HTTP Behavior W3C W3C The World Wide Web Consortium "The dream behind

1.33k views • 63 slides
New UK CA Web Portal (Using a browser agnostic JS library to create Certificate Signing Requests

New UK CA Web Portal (Using a browser agnostic JS library to create Certificate Signing Requests

New UK CA Web Portal (Using a browser agnostic JS library to create Certificate Signing Requests and Key-Pairs) david.meredith@stfc.ac.uk john.kewley@stfc.ac.uk sam.worley@stfc.ac.uk suleman.tariq@stfc.ac.uk jens.Jensen@stfc.ac.uk Abstract

844 views • 26 slides
Browsers Web-Big Picture The Client Any software that is capable of issuing HTTP requests

Browsers Web-Big Picture The Client Any software that is capable of issuing HTTP requests

Browsers Web-Big Picture The Client Any software that is capable of issuing HTTP requests A general purpose software application for requesting HTTP resources and displaying responses to the user is a web browser. Web Resources

833 views • 17 slides
Sessi ssion on Ma Mana nagem ement ent websec 1 Recall from last week: the web On the

Sessi ssion on Ma Mana nagem ement ent websec 1 Recall from last week: the web On the

Web Securi urity ty Sessi ssion on Ma Mana nagem ement ent websec 1 Recall from last week: the web On the web, servers and clients communicate by HTTP requests and responses HTTP request are usually GET or POST requests

1.73k views • 62 slides
Introduction to version 10.2 and responses to IF requests Makoto Asai SLAC SD/EPP Version 10.2

Introduction to version 10.2 and responses to IF requests Makoto Asai SLAC SD/EPP Version 10.2

Introduction to version 10.2 and responses to IF requests Makoto Asai SLAC SD/EPP Version 10.2 Released on December 4 th , 2015 Further improvements in both compu>ng speed and memory consump>on. Preliminary benchmarks show a

1.07k views • 58 slides
BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign

BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign

BERT Basic Error Response Type Bert Why: Document WG Choice What: method to sign responses on line Pros ... Simplifies negative wild card responses Fairly simple signing model model Satisfies universal signing requirement

623 views • 5 slides
HTTP Requests for Users & Package Developers Scott Chamberlain ( @sckottie ) 3

HTTP Requests for Users & Package Developers Scott Chamberlain ( @sckottie ) 3

HTTP Requests for Users & Package Developers Scott Chamberlain ( @sckottie ) 3 packages: crul, webmockr, vcr rOpenSci has a lot of pkgs that do http requests giving rise to the tools presented here crul - a new http client

591 views • 34 slides
Intercep(ng filter Purpose To do pre-processing on requests or post-processing on responses.

Intercep(ng filter Purpose To do pre-processing on requests or post-processing on responses.

Core JEE patterns - Presentation tier design patterns Intercep(ng filter Purpose To do pre-processing on requests or post-processing on responses. Notes Implementa6on available with JEE. More info

359 views • 12 slides
Responses to Questions http://vgrads.rice.edu/site_visit/april_2005/slides/responses vgES

Responses to Questions http://vgrads.rice.edu/site_visit/april_2005/slides/responses vgES

Responses to Questions http://vgrads.rice.edu/site_visit/april_2005/slides/responses vgES Accomplishments Design and Implementation of Synthetic Resource Generator for Grids which can generate Realistic Grid Resource Environments of

556 views • 29 slides
http://rack.github.com Thursday, November 11, 2010 Rack provides a minimal, modular and adaptable

http://rack.github.com Thursday, November 11, 2010 Rack provides a minimal, modular and adaptable

http://rack.github.com Thursday, November 11, 2010 Rack provides a minimal, modular and adaptable interface for developing web applications in Ruby. By wrapping HTTP requests and responses in the simplest way possible, it unifies and distills

742 views • 48 slides
JDBC 1 Three-Tier Architecture Web-browser e.g., Chrome, Safari, IE, HTTP Requests

JDBC 1 Three-Tier Architecture Web-browser e.g., Chrome, Safari, IE, HTTP Requests

JDBC 1 Three-Tier Architecture Web-browser e.g., Chrome, Safari, IE, HTTP Requests HTML Java App Server Application e.g., Apache Tomcat JDBC Tuples Requests DB Server 2 Example Data Entry Forms 123456789 1 John Doe Muir

771 views • 12 slides
Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project:

Digital signing Digital signing an upcomming service for all apache projects Target of project: Use symantec as provider Infra-root as Enterprise Service Provider PMC as Software Publishers Provide signing for microsoft jani

359 views • 8 slides
CSc 337 LECTURE 28: SESSIONS AND WRAPPING UP What is a session? session : an abstract concept

CSc 337 LECTURE 28: SESSIONS AND WRAPPING UP What is a session? session : an abstract concept

CSc 337 LECTURE 28: SESSIONS AND WRAPPING UP What is a session? session : an abstract concept to represent a series of HTTP requests and responses between a specific Web browser and server HTTP doesn't support the notion of a session, but

707 views • 29 slides
VCR A Gem used for caching HTTP requests during tests Who am I? Mike Dalton Developer @

VCR A Gem used for caching HTTP requests during tests Who am I? Mike Dalton Developer @

VCR A Gem used for caching HTTP requests during tests Who am I? Mike Dalton Developer @ GrubHub Using Ruby for 7 years Frequent attendee of meetups The problem Tests should be deterministic Result of an HTTP request

1.06k views • 38 slides
Project 2 Discussion Ming Liu Project Overview In this assignment, you will implement a HTTP

Project 2 Discussion Ming Liu Project Overview In this assignment, you will implement a HTTP

Project 2 Discussion Ming Liu Project Overview In this assignment, you will implement a HTTP proxy that passes requests and data between multiple web clients and web servers, concurrently. Capable of both relaying HTTP requests and HTTP

493 views • 11 slides
TH/3-3: Assessment of Scrape-off Layer Simulations with Drifts against L-mode Experiments in

TH/3-3: Assessment of Scrape-off Layer Simulations with Drifts against L-mode Experiments in

TH/3-3: Assessment of Scrape-off Layer Simulations with Drifts against L-mode Experiments in ASDEX Upgrade and JET L. Aho-Mantila 1 , S. Potzel 2 , M. Wischmeier 2 , D. Coster 2 , H.W. Mller 2 , S. Marsen 3 , S. Mller 2 , A. Meigs 4 , M. Stamp

698 views • 31 slides
Systems programming Thread management (Cont.) Most of the slides in this lecture are either from

Systems programming Thread management (Cont.) Most of the slides in this lecture are either from

Systems programming Thread management (Cont.) Most of the slides in this lecture are either from or adapted from the slides provided by Dr. Ahmad Barghash Creation of Unix processes vs. Pthreads Example of Pthreads #include <pthread.h>

532 views • 36 slides
2007 2007 Average Price of SF New Home Average Price of SF New Home SALES SALES

2007 2007 Average Price of SF New Home Average Price of SF New Home SALES SALES

15 Year Closing 15 Year Closing New Construction & Resale History New Construction & Resale History 25,000 20,000 RESIDENTIAL RESIDENTIAL 15,000 MARKET UPDATE MARKET UPDATE 10,000 Van Rose, MIRM 5,000 Van Rose, MIRM President,

350 views • 6 slides
Chap 12: Facet Into Multiple Views Paper: Multiform Matrices and Small Multiples Tamara Munzner

Chap 12: Facet Into Multiple Views Paper: Multiform Matrices and Small Multiples Tamara Munzner

Chap 12: Facet Into Multiple Views Paper: Multiform Matrices and Small Multiples Tamara Munzner Department of Computer Science University of British Columbia CPSC 547: Information Visualization Mon Oct 27 2014

299 views • 27 slides
Concurrency CS 442: Mobile App Development Michael Saelee <lee@iit.edu> Computer Science

Concurrency CS 442: Mobile App Development Michael Saelee <lee@iit.edu> Computer Science

Concurrency CS 442: Mobile App Development Michael Saelee <lee@iit.edu> Computer Science Science note: iOS devices are now (mostly) multi-core; i.e., concurrency may allow for real performance gains! Computer Science Science but

964 views • 55 slides
2020: An Algo Odyssey Presentation for Stanford University November 2020 Electronic FX Markets

2020: An Algo Odyssey Presentation for Stanford University November 2020 Electronic FX Markets

SECURITIES DIVISION 2020: An Algo Odyssey Presentation for Stanford University November 2020 Electronic FX Markets and Algos Confidential 2 Liquid currency pairs SECURITIES DIVISION Confidential Daily volumes Average Top of Book Spread

335 views • 14 slides
GPRS (GPRS System Overview) 1. (a)(b)(c)(d) 2.

GPRS (GPRS System Overview) 1. (a)(b)(c)(d) 2.

GPRS (GPRS System Overview) 1. (a)(b)(c)(d) 2. (c) 3. (a)(b) 4. (a)(b)(c)(d) 5. (a)(b)(c) 6. (a)(b) 7. (a)(b)(c) 8. (a)(d) 9. (a)(b)(c)(d) 10. (b)(c) 1. 7.1.2 7.1.3

194 views • 4 slides
A first look at detector requirements at FCC-ee Mogens

A first look at detector requirements at FCC-ee Mogens

A first look at detector requirements at FCC-ee Mogens Dam Niels Bohr Ins=tute Copenhagen University e + e - Colliders: Luminosity vs Energy Updated

591 views • 27 slides

More recommend