
Authentication

Published in: Technology, Business


Transcript

  • 1. Authentication (認証): Who uses OAuth authentication?
  • 2. Types of Authentication. Authentication ≒ Login
      ● Username / Password
      ● Claim-Based Authentication
          ○ OpenID Connect, SAML, WS-Fed, OAuth 2.0
  • 3. Claim-Based Authentication. Players: Mr. Yamada (User); Web Service (RP/SP); ID Management Service (OP/IdP); Database.
  • 4. Claim-Based Authentication. Players: Mr. Yamada (User); Web Service (RP/SP); ID Management Service (OP/IdP); Database. Yamada's claim: Name: Taro Yamada, Mail: yam@hde.com, Age: 19. "Hello Mr. Yamada!!" (diagram steps ① ②)
  • 5. Claim-Based Authentication. Players: Mr. Yamada (User); Web Service (RP/SP); ID Management Service (OP/IdP); Database. Access control: "Beer please!" / "No. You are 19. Too young!"
  • 6. Claim-Based Authentication. Claims should be:
      ● Reliable
          ○ Not modified
      ● Passed securely
          ○ From the ID Management Server to the Web Service
          ○ Possibly via the user
  • 7. Bad Example
  • 8. OAuth Authentication. Players: Mr. Arakaki; Bank of Samura; ID Management Service; API Server; Database. Diagram labels (steps ① ② ③ ④): Access token; "Who is it?"; "It's Arakaki"; "Hello Arakaki!"
  • 9. Looks good?
  • 10. OAuth Authentication. Players: Mr. Samura; Music Store; ID Management Service; API Server; Database. Diagram labels (steps ① ② ③ ④): "Modify!"; Arakaki's access token; "Who is it?"; "It's Arakaki"; "Hello Arakaki!"
  • 11. Use OpenID Connect. The web service can verify the access token (or code).
  • 12. OAuth → OpenID Connect. Players: Mr. Samura; Music Store; ID Management Service; API Server; Database. Diagram labels (step ①): Access token; ID token (JWT); "Modify!"; Arakaki's ID token; "Verification failed! It's a fake!"
  • 13. Use OpenID Connect. OAuth 2.0 is not an authentication protocol. Use OpenID Connect for authentication. It's not a big change, but it is pretty safe.
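
The check that slides 11 to 13 rely on, sketched as an added example (not code from the slides): the web service verifies the ID token's signature, issuer, audience and expiry, and uses `at_hash` to confirm the access token belongs to that ID token. Assumptions: HS256 keyed with the client secret stands in for the OP's usual asymmetric signature so that only the standard library is needed, and the issuer URL, client names, secret and token strings are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def at_hash(access_token: str) -> str:
    """Left half of SHA-256 over the access token, base64url (OIDC at_hash)."""
    return b64url(hashlib.sha256(access_token.encode()).digest()[:16])

def sign_id_token(claims: dict, secret: bytes) -> str:
    """OP side, demo only: issue an HS256-signed JWT."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def verify_id_token(token, secret, issuer, client_id, access_token, now=None):
    """RP side: return the claims, or raise ValueError naming the failed check."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        claims = json.loads(b64url_decode(body))
        given, alg = b64url_decode(sig), header["alg"]
        iss, aud = claims.get("iss"), claims.get("aud")
    except Exception:
        raise ValueError("malformed token") from None
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    good = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, given):
        raise ValueError("bad signature")
    if iss != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")  # token was issued to another service
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if claims.get("at_hash") != at_hash(access_token):
        raise ValueError("access token not bound to ID token")
    return claims

if __name__ == "__main__":  # constructed demo values, not from the slides
    key, iss, rp = b"demo-client-secret", "https://idp.example", "bank-of-samura"
    tok = sign_id_token({"iss": iss, "sub": "arakaki", "aud": rp,
                         "exp": time.time() + 300, "at_hash": at_hash("AT-1")}, key)
    print(verify_id_token(tok, key, iss, rp, "AT-1")["sub"])
```

A bare OAuth access token gives the web service none of these checks, which is why the token in slide 10 is accepted while the one in slide 12 is rejected.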
