browser support for the open authoriza4on oauth protocol
play

Browser Support for the Open Authoriza4on (OAuth) Protocol - PowerPoint PPT Presentation

Oct 05, 2023 •334 likes •434 views

Browser Support for the Open Authoriza4on (OAuth) Protocol hGp://www.w3.org/2011/iden4ty-ws/papers/idbrowser2011_submission_32.pdf Hannes Tschofenig, Barry Leiba, Blaine Cook,

  1. Browser ¡Support ¡for ¡the ¡Open ¡ Authoriza4on ¡(OAuth) ¡Protocol ¡ hGp://www.w3.org/2011/iden4ty-­‑ws/papers/idbrowser2011_submission_32.pdf ¡ ¡ Hannes ¡Tschofenig, ¡Barry ¡Leiba, ¡ Blaine ¡Cook, ¡Rob ¡Van ¡Eijk ¡

  2. Agenda ¡ • Authen4ca4on ¡Mechanisms ¡ • JavaScript ¡Crypto ¡Library ¡Support ¡ • Authoriza4on ¡Interface ¡ • Moving ¡Crypto ¡Into ¡the ¡Browser ¡

  3. Authen4ca4on ¡Mechanisms ¡ • Many ¡iden4ty ¡management ¡protocols ¡treat ¡the ¡ authen4ca4on ¡exchange ¡out ¡of ¡scope ¡ – So ¡does ¡OAuth ¡ • Problems: ¡ ¡ – Authen4ca4on ¡creden4als ¡being ¡used ¡are ¡of ¡poor ¡quality ¡(low ¡ entropy ¡secrets) ¡ – Enrollment ¡of ¡strong ¡creden4als ¡not ¡implemented ¡in ¡browsers ¡ (e.g. ¡enrollment ¡of ¡OTP ¡mechanisms) ¡ ¡ – Authen4ca4on ¡mechanisms ¡being ¡used ¡on ¡the ¡Web ¡today ¡are ¡ preGy ¡weak. ¡ – There ¡is ¡no ¡authen4ca4on ¡framework ¡that ¡allows ¡for ¡easily ¡ exchangeable ¡authen4ca4on ¡methods. ¡ ¡ – Other ¡problem ¡(but ¡not ¡related ¡to ¡lack ¡of ¡standardiza4on): ¡weak ¡ iden4ty ¡proofing ¡ • Examples ¡to ¡look ¡at: ¡GSS-­‑API, ¡SASL, ¡EAP, ¡PSKC ¡ ¡ ¡ What ¡mechanisms ¡should ¡browser ¡support? ¡ ¡

  4. Authoriza4on ¡Interface ¡

  5. Authoriza4on ¡Interface, ¡cont. ¡

  6. Authoriza4on ¡Interface, ¡cont. ¡ What ¡guidance ¡can ¡we ¡provide ¡to ¡developers ¡for ¡a ¡ consistent ¡permission ¡dialog ¡experience? ¡ ¡ What ¡is ¡the ¡role ¡of ¡the ¡browser ¡in ¡this ¡exchange? ¡

  7. JavaScript ¡Crypto ¡Library ¡Support ¡ • JavaScript ¡is ¡an ¡essen4al ¡language ¡for ¡the ¡Web ¡ eco-­‑system. ¡Increasingly ¡popular ¡also ¡on ¡the ¡ server-­‑side. ¡ ¡ • Problem: ¡No ¡standardized ¡APIs ¡for ¡access ¡to ¡ cryptographic ¡func4ons ¡and ¡key ¡storage. ¡ • One ¡consequence: ¡Cryptographic ¡material ¡cannot ¡ be ¡kept ¡confiden4al ¡with ¡JavaScript-­‑based ¡ clients. ¡ ¡ • Example: ¡ hGps://developer.mozilla.org/en/JavaScript_crypto ¡ ¡ Would ¡it ¡be ¡useful ¡to ¡standardize ¡a ¡ JavaScript ¡crypto ¡API? ¡ ¡

  8. Moving ¡Crypto ¡Into ¡the ¡Browser ¡ • OAuth ¡protocol ¡design ¡is ¡impacted ¡by ¡the ¡capabili4es ¡ offered ¡by ¡browsers. ¡ • The ¡security ¡considera4ons ¡capture ¡this ¡quite ¡well: ¡ hGp://datatracker.ie_.org/doc/dra`-­‑ie_-­‑oauth-­‑v2/ ¡ hGp://tools.ie_.org/html/dra`-­‑lodderstedt-­‑oauth-­‑security ¡ • For ¡example, ¡ hGp://datatracker.ie_.org/doc/dra`-­‑ie_-­‑oauth-­‑v2-­‑ hGp-­‑mac/ ¡suggests ¡a ¡MAC ¡based ¡authen4ca4on ¡ mechanism ¡that ¡can ¡also ¡be ¡used ¡to ¡implement ¡a ¡more ¡ secure ¡cookie/HTTP ¡state ¡management ¡mechanism. ¡ ¡ What ¡func@onality ¡can ¡we ¡put ¡into ¡ the ¡browser ¡plaAorm? ¡ ¡

Recommend

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. OAuth 2.0 Definition Why is this relevant for IXP operators? OAuth 2.0 Roles The resource owner is the user - you

523 views • 29 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and

Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and

Identity Management Hannes Tschofenig Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication protocol. Works with any user authentication protocol (e.g., OATH, FIDO, W3C

613 views • 10 slides
Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

357 views • 33 slides
If you are viewing this presentation in a PDF, please stop and open the slides in browser (slides

If you are viewing this presentation in a PDF, please stop and open the slides in browser (slides

If you are viewing this presentation in a PDF, please stop and open the slides in browser (slides in the browser look way better): https://switowski.github.io/functional-css-talk/ 1 1 Maintainable CSS with visual regression testing and

850 views • 37 slides
OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software Engineer Adobe Research Switzerland Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJjb25uZWN0MjAxNCIsImlzc

869 views • 42 slides
CORE VALUES accuzip.com/support/gotoassist Web browser. An interactive support tool that allows

CORE VALUES accuzip.com/support/gotoassist Web browser. An interactive support tool that allows

WELCOME! email response time. which in turn has built us a loyal customer 21-year history of doing the right thing, software solutions into the future. We have a can trust us with their multi-medium mailing open and transparent so that our

228 views • 4 slides
OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

423 views • 8 slides
OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com AG The OAuth 2.0 Success Story Tremendous adoption since publication in 2012 Driven by large service providers and OpenID Connect

594 views • 30 slides
OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

draft-fett-oauth-dpop-03 OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106 Singapore Nov 2019 Brian Campbell (presenter, co-author, workation photographer) John Bradley (co-author of sorts) Torsten

407 views • 19 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
Protocol on SEA Chapter A6: Policies and legislation Resource Manual to Support Application of

Protocol on SEA Chapter A6: Policies and legislation Resource Manual to Support Application of

Protocol on SEA Chapter A6: Policies and legislation Resource Manual to Support Application of the UNECE Protocol on Strategic Environmental Assessment draft 26-Apr-07 A6.1 Contents of the Chapter Introduction Protocol on SEA Legal

409 views • 19 slides
Protocol on SEA Chapter A1: A brief introduction to SEA Resource Manual to Support Application

Protocol on SEA Chapter A1: A brief introduction to SEA Resource Manual to Support Application

Protocol on SEA Chapter A1: A brief introduction to SEA Resource Manual to Support Application of the UNECE Protocol on Strategic Environmental Assessment draft 17-Apr-07 A1.1 Contents of the Chapter What is SEA? Protocol on SEA

637 views • 15 slides
The Protocol Founded in 1999 >100 persons Clment OUDOT Montral, Quebec City,

The Protocol Founded in 1999 >100 persons Clment OUDOT Montral, Quebec City,

The Protocol Founded in 1999 >100 persons Clment OUDOT Montral, Quebec City, Ottawa, Paris @clementoudot ISO 9001:2004 / ISO 14001:2008 contact@savoirfairelinux.com GET /summary { part1:Some words on OAuth

796 views • 48 slides
Welcome Wifi CODE Upton1947!Ms USE SLIDO TO ASK QUESTIONS OF THE PANEL 1. OPEN BROWSER ON

Welcome Wifi CODE Upton1947!Ms USE SLIDO TO ASK QUESTIONS OF THE PANEL 1. OPEN BROWSER ON

Welcome Wifi CODE Upton1947!Ms USE SLIDO TO ASK QUESTIONS OF THE PANEL 1. OPEN BROWSER ON SMARTPHONE, TABLET OR LAPTOP 2. GO TO www.slido.com 3. ENTER CODE #Q358 TWEET ABOUT THE EVENT #WokinghamCHASC Introduction David Cahill (BHFT Wokingham

472 views • 29 slides
FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser.

FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser.

FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser. Technical issues? Review Technology FAQs by clicking Chat icon at bottom of screen, or on Landing Page. Need additional tech support? Click

509 views • 5 slides
FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser.

FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser.

FHA Catalyst: Case Binder Module April 3 , 2020 Tech Support Recommend Chrome browser. Technical issues? Review Technology FAQs by clicking Chat icon at bottom of screen, or on Landing Page. Need additional tech support? Click

517 views • 6 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Open Screen Protocol Day 1 Peter Thatcher (pthatcher@google.com) Mark Foltz (mfoltz@google.com)

Open Screen Protocol Day 1 Peter Thatcher (pthatcher@google.com) Mark Foltz (mfoltz@google.com)

Open Screen Protocol Day 1 Peter Thatcher (pthatcher@google.com) Mark Foltz (mfoltz@google.com) TPAC 2018 Day 1 - Outline Open Screen Protocol Overview Specifics for how to do JPAKE Specifics for mDNS/DNS-SD Presentation API messages

1.33k views • 115 slides
Protocol on SEA Chapter A3: Determining whether plans & programmes require SEA under the

Protocol on SEA Chapter A3: Determining whether plans & programmes require SEA under the

Protocol on SEA Chapter A3: Determining whether plans & programmes require SEA under the Protocol Resource Manual to Support Application of the UNECE Protocol on Strategic Environmental Assessment draft 26-Apr-07 A3.1 Contents of the

563 views • 28 slides
Protocol on SEA Chapter B2: Example structure of practical exercises for use in training course

Protocol on SEA Chapter B2: Example structure of practical exercises for use in training course

Protocol on SEA Chapter B2: Example structure of practical exercises for use in training course on the Protocol Resource Manual to Support Application of the UNECE Protocol on Strategic Environmental Assessment draft 17-Apr-07 B2.1 Contents

894 views • 17 slides
USING RUST TO BUILD THE NEXT GENERATION WEB BROWSER Lars Bergstrom Mike Blumenkrantz Mozilla

USING RUST TO BUILD THE NEXT GENERATION WEB BROWSER Lars Bergstrom Mike Blumenkrantz Mozilla

USING RUST TO BUILD THE NEXT GENERATION WEB BROWSER Lars Bergstrom Mike Blumenkrantz Mozilla Research Samsung R&D America Why a new web engine? Support new types of applications and new devices All modern browser engines (Safari,

891 views • 41 slides
NAVIGATING YOUR HDHP WITH HSA July 2017 Setting Up a User Account Open your web browser and go

NAVIGATING YOUR HDHP WITH HSA July 2017 Setting Up a User Account Open your web browser and go

NAVIGATING YOUR HDHP WITH HSA July 2017 Setting Up a User Account Open your web browser and go to the IBXpress website which can be found on the back of your ID card. Click either Log In (if you have previously been on the member website) or

703 views • 34 slides

More recommend