Upload File

oidc fed in [email protected]

17
OIDC Identity Federation in pictures by Roland Hedberg at IIW XXIII

Upload: roland-hedberg

Post on 22-Jan-2018

189 views

Category:

Internet


4 download

Report

TRANSCRIPT

Page 1: Oidc fed in pictures@iiw.xxiii

OIDC Identity Federation in pictures by Roland Hedberg at

IIW XXIII

Page 2: Oidc fed in pictures@iiw.xxiii

According to Wikipedia

• A federation (information technology) is a group of computing or network providers agreeing upon standards of operation in a collective fashion.

• The term "identity federation" is by design a generic term, and is not bound to any one specific protocol, technology, implementation or company. One thing that is consistent, however, is the fact that "federation" describes methods of identity portability which are achieved in an open, often standards-based manner – meaning anyone adhering to the open specification or standard can achieve the full spectrum of use-cases and interoperability.

Page 3: Oidc fed in pictures@iiw.xxiii

OIDC IDENTITY FEDERATION

➤ Allow dynamic discovery and registration without losing trust.

➤ Enforcement of federation and organization policies

➤ Allow delegation of entity registration

➤ Metadata transport and origin independent

➤ Metadata Self-contained

Page 4: Oidc fed in pictures@iiw.xxiii

CHAIN OF TRUST

➤ Trusted 3rd party

➤ Chain of verifiable claims

➤ Metadata construction

Page 5: Oidc fed in pictures@iiw.xxiii

Client - Server setup

WebFinger

Discovery

Registration

OPRP

Page 6: Oidc fed in pictures@iiw.xxiii

The players The good, the bad and the ugly

System adminstrator Federation OperatorIT Architect

Page 7: Oidc fed in pictures@iiw.xxiii

Organization and FO

Page 8: Oidc fed in pictures@iiw.xxiii

Organization wide information

contactslogo_uripolicy_uritos_uri

Page 9: Oidc fed in pictures@iiw.xxiii

Transfer to FO

contactslogo_uripolicy_uritos_uri

Page 10: Oidc fed in pictures@iiw.xxiii

FO: verifies, modifies and signs

contactslogo_uripolicy_uritos_uri

scopeclaims

token_endpoint_auth_method

Page 11: Oidc fed in pictures@iiw.xxiii

Within an organization

Page 12: Oidc fed in pictures@iiw.xxiii

Entity specific information

redirect_urisgrant_typessubject_type

Page 13: Oidc fed in pictures@iiw.xxiii

Transfer to Organization coordinator (OC)

redirect_urisgrant_typessubject_type

Page 14: Oidc fed in pictures@iiw.xxiii

OC: verifies, modifies and signs

redirect_urisgrant_typessubject_type

Page 15: Oidc fed in pictures@iiw.xxiii

Unpacking a metadata statement

redirect_urisgrant_typessubject_type

contactslogo_uripolicy_uritos_uri

scopeclaims

token_endpoint_auth_method

Page 16: Oidc fed in pictures@iiw.xxiii

Gathering the metadata

redirect_urisgrant_typessubject_type

contactslogo_uripolicy_uritos_uri

scopeclaims

token_endpoint_auth_method

contactslogo_uripolicy_uritos_uri

scopeclaims

token_endpoint_auth_method

redirect_urisgrant_typessubject_type

Page 17: Oidc fed in pictures@iiw.xxiii

OIDC IDENTITY FEDERATION

➤ Allow dynamic discovery and registration without losing trust.

➤ Enforcement of federation and organization policies

➤ Allow delegation of entity registration

➤ Metadata transport and origin independent

➤ Metadata Self-contained


Configuration of SAML 1.1 Between OIPA and OIDC

OperatorunitsFED - Festo · OperatorunitsFED Keyfeatures FED-CECwithCoDeSyssoftwareplatform FED-CEC FED-UIM CoDeSysmakesyour lifeeasier with simplecommissioning,fastprogram-

OIDC Federation for Infrastructures · 2018. 5. 23. · OIDC Fed use cases for research and e-Infrastructures • EOSC-HUB registration of clients goal for EGI and EUDAT is a scalable

eCBSV Registration Screens · Web viewa.Optional Screens to Test Open ID Connect (OIDC) Registration5 i.Validate to Perform Dynamic Client Registration5 ii.Validation successful6

Delivery instructions OIDC - EN

2 0 2 0 9 8 Legislative District 30 · 30-2991 fed 30-2992 fed 30-2993 fed 30-2994 fed 30-2995 fed 30-2996 fed 30-2999 fed 30-3000 fed 30-3001 fed 30-3002 fed 30-3003 fed 30-3004

Pictures to Admire - Interesting Pictures

Tracker FED

CENTER FED OFF-CENTER FED END FED...End Fed Workshop Topics Short overview of antenna feed points Popular End Fed Antenna s How to choose an End Fed Antenna that fits your needs Secrets

UNICORE in the - COnnecting REpositories · UNICORE in the Human Brain Project Bernd Schuller ([email protected]) ... pass OIDC token OIDC server 1. authenticate returns OIDC

Flask-OIDC Documentation

April 17-19, 2019 - files.informatandm.comfiles.informatandm.com/uploads/2019/4/1600_Manish_Chugtu.pdf · • iSSO authentication for SAML, OIDC, LDAP, Kerberos, etc. Enterprises

Boston Fed

OIDC Design Patterns Presentation

End Fed Antennas End Fed Long Wires

FED-STD 595B Colors Used in Government Procurement, with ...everyspec.com/FED-STD/...spec=FED-STD-595B_CHG...FED-STD-595B December 15, 1989 SUPERSEDING FED-STD-595A January 2, 1968

Fed Programs

Work Package 5 User Integration Supportceos.org/document_management/Working_Groups/WGISS...Accounting) for Exploitation Platforms using OIDC and UMA. The proposed solution addresses

Fed Tapering

AN UPDATE ON THE FED BALANCE SHEET. BY JONATHAN BRICE THE FED THE FED THE FED

Sneaking Up On OIDC - Internet2 · 2019. 12. 11. · Sneaking Up On OIDC: How the Big Ten Academic Alliance federated with social IDs Tim Newcomb, Big Ten Academic Alliance Keith

OpenID Connect (OIDC) - phpug-dresden.org · Technologie fördert Kommunikation © 2019 | tyclipso.net | Denis Bartelt 26. Februar 2019 OpenID Connect (OIDC) OAuth 2.0, JWT, JWK Frank

mozilla-django-oidc Documentation

Pictures, pictures, pictures! (MAAM Annual Meeting 2011)

Brain Lesions among Orally Fed and Gastrostomy-Fed

Everything for your pure water fed pole business WATER FED ...Everything for your pure water fed pole business WATER FED POLE “New Generation of Water Fed Poles” The superior New

Fed Up Fed War Room Slides

HeinOnline -- 55 Fed. Reg. 23902 1990 - cftc.gov · HeinOnline -- 55 Fed. Reg. 23903 1990. HeinOnline -- 55 Fed. Reg. 23904 1990. HeinOnline -- 55 Fed. Reg. 23905 1990

AWS SSO OIDC...AWSf SSO OIDC OIDC API Reference CreateToken CreateToken Creates and returns an access token for the authorized client. The access token issued will be used to e tchs

Aberfoyle Summary (Monday to Saturday Only) - Gartmore · nch n ck g FED FED FED FED FED FED FED FED FED FED FED FED FED FED FED FED B10 B12 B10 B12 B10 C12 B10 C12 C10 B10 C12 C10

CIS14: Developing with OAuth and OIDC Connect

Pre-Con Ed: Workshop on Policy Creation, Management and Support for OAuth and OIDC

CoreOS Fest 2017 - 2017-07-01 openid connect · a. Get “OIDC Client ID” and “OIDC Client Secret” 2. Fetch and cache Discovery Document 3. Session Management a. Redirect Browser

RECTENNA: INSET-FED AND EDGE-FED “PATCH” · PDF fileRECTENNA: INSET-FED AND EDGE-FED “PATCH” ANTENNAS WITH RECTIFYING CIRCUIT Corey Bergsrud1, Chase Freidig1, Matthew Anderson2,

Identity Management: Using OIDC to Empower the Next-Generation Apps