Authentication
Authentication: Presentation Transcript

  • Authentication (認証): Who uses OAuth Authentication?
  • Type of Authentication: Authentication ≒ Login
      ● Username / Password
      ● Claim-Based Authentication
          ○ OpenID Connect, SAML, WS-Fed, OAuth 2.0
  • Claim Based Authentication. Players: Database, Mr. Yamada (User), Web Service (RP/SP), ID Management Service (OP/IdP)
  • Claim Based Authentication (diagram: Database, Mr. Yamada (User), Web Service (RP/SP), ID Management Service (OP/IdP); steps ① ②). Yamada’s claim: Name: Taro Yamada, Mail: yam@hde.com, Age: 19. “Hello Mr. Yamada!!”
  • Claim Based Authentication (diagram: Database, Mr. Yamada (User), Web Service (RP/SP), ID Management Service (OP/IdP)). Access Control: “Beer Please!” “No. You are 19. Too young!”
  • Claim Based Authentication. Claims should be:
      ● Reliable
          ○ Not modified
      ● Passed securely
          ○ From ID Management Server to Web Service
          ○ Maybe via the User
  • Bad Example
  • OAuth Authentication (diagram: API Server, Database, Mr. Arakaki, Bank of Samura, ID Management Service; steps ① ② ③ ④). Access token. “Who is it?” “It’s Arakaki.” “Hello Arakaki!”
  • Looks good?
  • OAuth Authentication (diagram: API Server, Database, Mr. Samura, Music Store, ID Management Service; steps ① ② ③ ④). “Modify!” Arakaki’s access token. “Who is it?” “It’s Arakaki.” “Hello Arakaki!”
  • Use OpenID Connect: the web service can verify the access token (or code).
  • OAuth → OpenID Connect (diagram: API Server, Database, Mr. Samura, Music Store, ID Management Service; step ①). Access token, ID token (JWT). “Verification Failed! It’s a fake!” “Modify!” Arakaki’s ID token.
  • Use OpenID Connect: OAuth 2.0 is not an authentication protocol. Use OpenID Connect for authentication. It’s not a big change but pretty safe.
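
The ID token check the last slides depend on, as an added example that is not part of the original slides: a relying party accepts a login only if the JWT's signature, issuer, audience and expiry all hold. The issuer URL, client IDs, key and function names are constructed for illustration, and HS256 with a single demo key stands in for the provider's signature so the code runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions; the slides give no identifiers).
ISSUER, BANK_CLIENT_ID = "https://idp.example", "bank-of-samura"
# One demo HS256 key stands in for the IdP signature (usually RS256/ES256).
IDP_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_id_token(sub, aud, ttl=300):
    """IdP side: sign claims naming the user (sub) and the client (aud)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": sub, "aud": aud, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_id_token(token, client_id):
    """RP side: return (claims, None) if acceptable, else (None, reason)."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header, sig = json.loads(_unb64(header_b64)), _unb64(sig_b64)
    except ValueError:
        return None, "malformed token"
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None, "unexpected alg"   # never let the token pick the algorithm
    expected = hmac.new(IDP_KEY, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"    # claims were modified after signing
    claims = json.loads(_unb64(body_b64))
    if claims.get("iss") != ISSUER:
        return None, "wrong issuer"
    if claims.get("aud") != client_id:
        return None, "wrong audience"   # token was issued to another service
    if claims.get("exp", 0) <= time.time():
        return None, "expired"
    return claims, None

def demo():
    """Honest login, token issued to another service, modified claim."""
    good = issue_id_token("arakaki", BANK_CLIENT_ID)
    swapped = issue_id_token("arakaki", "music-store")
    h, b, s = good.split(".")
    modified = f"{h}.{_b64(_unb64(b).replace(b'arakaki', b'samura'))}.{s}"
    return [verify_id_token(t, BANK_CLIENT_ID)[1] for t in (good, swapped, modified)]
```

A bare OAuth access token carries no audience the web service can check, which is why the token handed over by another service is accepted in the "Bad Example" slides.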