Upload File

lascon 2017: saml v. openid v. oauth

17
SAML v. OAuth v. OpenID Connect Michael Schwartz CEO, Gluu

Upload: mike-schwartz

Post on 22-Jan-2018

147 views

Category:

Technology


5 download

Report

TRANSCRIPT

Page 1: LASCON 2017: SAML v. OpenID v. Oauth

SAML v. OAuth v. OpenID Connect

Michael Schwartz

CEO, Gluu

Page 2: LASCON 2017: SAML v. OpenID v. Oauth
Page 3: LASCON 2017: SAML v. OpenID v. Oauth
Page 4: LASCON 2017: SAML v. OpenID v. Oauth

SAML OpenID Connect

Assertion (signed XML) id_token (signed JSON)

IDP (Identity Provider) OP (OpenID Provider)

SP (Service Provider) RP (Relying Party) or "Client”

User Attribute User Claim

Artifact Code

XML Canonicalization / Signing JOSE (JSON Object Signing and Encryption)

IDP Metadata OP Discovery Endpoint

Authentication Context Class Reference acr

Page 5: LASCON 2017: SAML v. OpenID v. Oauth
Page 6: LASCON 2017: SAML v. OpenID v. Oauth
Page 7: LASCON 2017: SAML v. OpenID v. Oauth
Page 8: LASCON 2017: SAML v. OpenID v. Oauth
Page 9: LASCON 2017: SAML v. OpenID v. Oauth
Page 10: LASCON 2017: SAML v. OpenID v. Oauth
Page 11: LASCON 2017: SAML v. OpenID v. Oauth
Page 12: LASCON 2017: SAML v. OpenID v. Oauth
Page 13: LASCON 2017: SAML v. OpenID v. Oauth

RFC 6749 The OAuth 2.0 Authorization Framework RFC 6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage RFC 6755 An IETF URN Sub-Namespace for OAuth RFC 6819 OAuth 2.0 Threat Model and Security Considerations Errata RFC 7009 OAuth 2.0 Token Revocation RFC 7519 JSON Web Token (JWT)

RFC 7521Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants

RFC 7522 SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants

RFC 7523JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants

RFC 7591 OAuth 2.0 Dynamic Client Registration Protocol RFC 7592 OAuth 2.0 Dynamic Client Registration Management Protocol RFC 7636 Proof Key for Code Exchange by OAuth Public Clients RFC 7662 OAuth 2.0 Token Introspection Errata RFC 7800 Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)

Page 14: LASCON 2017: SAML v. OpenID v. Oauth
Page 15: LASCON 2017: SAML v. OpenID v. Oauth
Page 16: LASCON 2017: SAML v. OpenID v. Oauth
Page 17: LASCON 2017: SAML v. OpenID v. Oauth

Using OpenID/OAuth to access  Federated Data Services 

CIS14: Working with OAuth and OpenID Connect

Federated Shibboleth, OpenID , oAuth , and Multifactor

Oracle Banking APIs OpenID Guide Banking API… · OPENID 5 OpenID Guide 5 2. OPENID OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients

Yahoo! OpenID and OAuth

Authorization Architecture Patterns: How to Avoid Pitfalls in … · 2019-10-28 · implement OAuth 2.0, OpenID Connect, Financial-grade API and CIBA. ... • OAuth / OpenID Connect

OpenID Connect & OAuth - Demystifying Cloud Identity

Enterprise Openid Sso Oauth for Google Apps

Federated Shibboleth, OpenID, oAuth, and Multifactor Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst

OpenID Connect Explained · PDF fileOpenID Connect rides on top of OAuth 2.0

CIS14: OAuth and OpenID Connect in Action

Identity and Data Access: OpenID & OAuth

OAuth 2.0 e OpenID Connect

I/O Preso: OpenID and OAuth for Google Apps - Chrome Browser

OAuth 2.0 and OpenId Connect

OAuth 2.0 & OpenID Connect #MA7

Hybrid Auth: OpenID + OAuth

Bechtel On OpenID and OAuth from Cloud Identity Summit

Single Sign-On Security - Hackmanit...3 History of Single Sign-On OAuth 1.0 Oct 2007 OAuth 2.0 Oct 2012 OAuth 1.0 Rev A Jun 2009 OpenID Connect 1.0 Feb 2014 OpenID 1.1 May 2006 OpenID

What the Heck is OAuth and OpenID Connect - RWX 2017

FROM A PROPOSAL TO HAPPY MARRIAGE...OpenID Connect 2005 SAML 2.0 SAML 1.1 Liberty Alliance ID-FF 2003 2015 Mobile Connect 2012 OAuth 2.0 2007 OAuth 1.0 OpenID 2.0 2008 OpenID 1.0 1999

Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor Russell Beall Senior Programmer/Analyst University

Mobile authentication and authorisation: OpenID and OAuth

OpenId Tech Night vol.6 OAuth

OAUTH 2 UND OPENID CONNECT SECURING MICROSERVICES … · OAUTH 2.0 101 RFC 6749: The OAuth 2.0 A uthorization Frame work RFC 6750: OAuth 2.0 Bearer Token Usage RFC 6819: OAuth 2.0

OAuth and OpenID Connect for Microservices

Single Sign On with OAuth and OpenID

OAuth 2.0 und OpenId Connect

Openid & Oauth: An Introduction

Real-world security analyses of OAuth 2.0 and OpenID Connect · 1 Information Security Group Real-world security analyses of OAuth 2.0 and OpenID Connect Wanpeng Li and Chris J Mitchell

OpenID & OAuth for the Consumer Web Workshop, Part 1 of 3

Federated Shibboleth, OpenID, oAuth, and Multifactor · 2013-04-15 · Federated Shibboleth, OpenID, oAuth, and Multifactor | 1 Federated Shibboleth, OpenID, oAuth, and Multifactor

OpenID and OAuth

DEMOgala 2010: OpenID and OAuth, Technologies to increase customer engagement

Yahoo! OpenID and OAuth 1 Allen Tom Yahoo! Membership Architect OpenID Foundation Board Member [email protected] @atom