oauth 2 0 authorization server discovery metadata
play

OAuth 2.0 Authorization Server Discovery Metadata - PowerPoint PPT Presentation

Jul 20, 2023 •330 likes •423 views

* OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1 Document Status Current draft addresses WGLC feedback See

  1. * OAuth 2.0 Authorization Server Discovery Metadata draft-ietf-oauth-discovery Mike Jones IETF 95, Buenos Aires April 2016 1

  2. Document Status  Current draft addresses WGLC feedback See https://tools.ietf.org/html/draft-ietf-oauth-discovery-  02#appendix-B for specific changes made (obviously other than the “don’t do this work” feedback)  2

  3. Use Cases Covered (1)  OAuth 2.0 client configuration  Provides data needed to configure a client to use an authorization server in a standard format  Superior to publishing the same data on developer Web pages in an ad-hoc manner  AS configuration validation  Clients can validate issuer returned per draft-ietf- oauth-mix-up-mitigation with metadata issuer  Clients can validate AS metadata obtained at configuration time against AS metadata obtained at runtime 3

  4. Use Cases Covered (2)  Authorization Server Discovery Result  The AS Discovery Metadata document is the result of AS discovery processes, such as WebFinger lookup of the AS  AS Metadata Registry enables extensibility  Enables publication of application-specific metadata about the authorization server  For example, publication of resource server info when RS controlled by the authorization server 4

  5. Implementation Status  Several OAuth clients using for configuration  E.g., Microsoft ADAL OAuth client, RoHe client  All OpenID Connect Discovery implementations use this AS metadata format  E.g. 23 implementations using this metadata format listed at http://openid.net/certification/ 5

  6. Next Step for Spec: Request Publication  Why?  Standardize existing practice for AS metadata  Enables AS configuration to be validated at runtime for mix-up mitigation  But what if we haven’t thought of everything?  The registry enables extensibility  But what about solving discovery all-up?  The AS metadata format is stable and any AS discovery solutions developed will use it 6

  7. OAuth Discovery Landscape and Use Cases  Discussing, agreeing on Discovery use cases is likely the most productive WG next step  In one common use case, AS controls single RS – as in OpenID Connect use case  Phil, Tony leading discussion on use case in which client knows both intended RS & AS  Many other use cases already implemented  Hopefully understanding diverse OAuth Discovery use cases will result in new widely applicable consensus Discovery solutions 7

  8. Next steps towards deeper OAuth Discovery  Determine use cases we want to enable  Evaluate possible solutions  Create additional discovery specifications standardizing those solutions 8

Recommend

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney

The SciTokens Authorization Model: JSON Web Tokens & OAuth Jim Basney <jbasney@ncsa.Illinois.edu> Brian Bockelman <bbockelm@cse.unl.edu> This material is based upon work supported by the National S cience Foundation under Grant

379 views • 20 slides
OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single

OpenID Connect & OAuth 2.0 Server for the Enterprise Your enterprise server for single identity sign-on provision identity API access federation management The four Connect2id server pillars Based on the latest standards OpenID

580 views • 26 slides
Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se)

Authorization for IoT using OAuth draft-seitz-ace-oauth-authz-00 Ludwig Seitz (ludwig@sics.se) Gran Selander (goran.selander@ericsson.com) Erik Wahlstrm (erik.wahlstrom@nexusgroup.com) Samuel Erdtman (samuel.erdtman@nexusgroup.com) Hannes

147 views • 10 slides
OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth

OAuth 2.0 Weina Ma Weina.Ma@uoit.ca Agenda OAuth overview Simple example OAuth protocol workflow Server-side web application flow Client-side web application flow Whats the problem As the web grows, more and more sites

786 views • 45 slides
OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios

OAuth 2.0 authorization using blockchain-based tokens Nikos Fotiou, Iakovos Pittaras, Vasilios A. Siris, Spyros Voulgaris, George C. Polyzos Resource sharing Authorization Client Resource owner Resource storage Resource access Resource

1.11k views • 18 slides
An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications. OAuth 2.0 Definition Why is this relevant for IXP operators? OAuth 2.0 Roles The resource owner is the user - you

523 views • 29 slides
A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle

A Formal Model for Delegated Authorization of IoT Devices Using ACE-OAuth LUCA ARNABOLDI, Newcastle University, UK HANNES TSCHOFENIG, Arm Limited, UK As our daily lives become ever more connected, the need for security becomes more important. This

164 views • 13 slides
Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106,

Pushed Authorization Requests https://tools.ietf.org/html/draft-lodderstedt-oauth-par IETF-106, 21.11.2019, Singapore Brian Campbell, Nat Sakimura, Dave Tonge, Filip Skokan, Torsten Lodderstedt { "userinfo":{

340 views • 16 slides
The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700

The OAI2LOD Server Exposing OAI-PMH Metadata as Linked Data Motivation more than 1700 institutions worldwide expose metadata via the Open Archives Initiative Protocol for Metadata Harvesting (OAI-PMH) using open standards like URI, HTTP ,

224 views • 19 slides
DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery

DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery

DOTS Server(s) Discovery https://tools.ietf.org/html/draft-boucadair-dots-server-discovery Prague, July 2017 M. Boucadair (Orange) T. Reddy (McAfee) P. Patil (Cisco) 1 Context & Motivation A DOTS client needs to learn the IP

306 views • 14 slides
Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What

Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What

Breakfasts 2017 Welcome to Junes BIC Breakfast: Metadata for Journals Discovery - What Publishers Need to Know #BICBreakfast Kindly sponsored by What is a BIC Breakfast? BIC Committees Digital Supply Chain Libraries Metadata Physical

1.07k views • 82 slides
Discovery mechanisms Retrieving the domain name DHCP IP

Discovery mechanisms Retrieving the domain name DHCP IP

TURN Server Auto Discovery dra5-pa8l-tram-turn-serv-disc-01 Prashanth Pa)l, Tiru Reddy, Dan Wing IETF-90 TURN Server Auto Discovery

356 views • 12 slides
Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis

Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis

Evaluating Lustres Metadata Server on a Multi-Socket Platform Konstantinos Chasapis Scientific Computing Department of Informatics University of Hamburg 9th Parallel Data Storage Workshop Motivation Motivation Metadata performance can be

274 views • 26 slides
Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2

Wherefore Art Thou, OAuth? 1 What is OAuth? 2 What is OAuth? Your Valet Key for the Web 2 What is OAuth? Your Valet Key for the Web Delegated Authentication Protocol 2 What is OAuth? Your Valet Key for the Web Delegated Authentication

357 views • 33 slides
OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical

OAuth 2.0 for Browser Based Apps OAuth Security Workshop 2019 David Waite, Principal Technical Architect, Ping Identity Purpose Best Current Practices Document Builds mostly on RFC 8252 - OAuth 2.0 for Native Apps I-D

386 views • 10 slides
& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto

& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto

& 1st large scale oauth stealing botnet & Secure delegation mechanism De-facto authentication standard & & Exploit server Play store fake install/comments Ads injection Repacked (non-google) app Registration

717 views • 55 slides
OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software

OAuth Hacks A Gentle Introduction to OAuth 2.0 and Apache Oltu Antonio Sanso (@asanso) Software Engineer Adobe Research Switzerland Who is this guy, BTW? eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .eyJhdWQiOiJjb25uZWN0MjAxNCIsImlzc

869 views • 42 slides
Using a Robust Metadata Management System to Accelerate Scientific Discovery at Extreme Scales

Using a Robust Metadata Management System to Accelerate Scientific Discovery at Extreme Scales

Using a Robust Metadata Management System to Accelerate Scientific Discovery at Extreme Scales Margaret Lawson, Jay Lofstead Sandia National Laboratories is a multimission laboratory managed and operated by National Technology and Engineering

394 views • 21 slides
File and Metadata Replication in XtreemFS Bjrn Kolbeck Zuse Institute Berlin File and Metadata

File and Metadata Replication in XtreemFS Bjrn Kolbeck Zuse Institute Berlin File and Metadata

File and Metadata Replication in XtreemFS Bjrn Kolbeck Zuse Institute Berlin File and Metadata Replication in XtreemFS 1 Why Replicate ? fault tolerance mail server source repository bandwidth start 1,000 VMs in

497 views • 23 slides
CARD: A Congestion-Aware Request Dispatching Scheme for Replicated Metadata Server Cluster

CARD: A Congestion-Aware Request Dispatching Scheme for Replicated Metadata Server Cluster

CARD: A Congestion-Aware Request Dispatching Scheme for Replicated Metadata Server Cluster Shangming Cai, Dongsheng Wang, Zhanye Wang and Haixia Wang Tsinghua University 1 Background: Massive-scale ML in product environments Datasets

260 views • 25 slides
OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com

OAuth 2.0 Security Reinforced Torsten Lodderstedt @tlodderstedt Daniel Fett @dfett42 yes.com AG The OAuth 2.0 Success Story Tremendous adoption since publication in 2012 Driven by large service providers and OpenID Connect

594 views • 30 slides
OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106

draft-fett-oauth-dpop-03 OAuth 2.0 D emonstration of P roof- o f- P ossession at the Application Layer ( DPoP ) IETF 106 Singapore Nov 2019 Brian Campbell (presenter, co-author, workation photographer) John Bradley (co-author of sorts) Torsten

407 views • 19 slides
Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side) Remote.JDBC (Client/Server) Server Query Interface Tx Planner Parse Algebra Storage Interface Sql/Util Concurrency Recovery Metadata Index

787 views • 66 slides
Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without

Authorization the permission or power given to sb to do sth: enter a security area without authorization Authorization in Oxford Advanced Learner's Dictionary Object-oriented Databases authorization is the concept of allowing

70 views • 6 slides

More recommend