
Self-issued IdP

Transcript

  • 1. @nov: Identity in Your Device
  • 2. OS, Browser, Mobile Apps
  • 3. Self-Issued OpenID Provider: personal OP that issues self-signed ID Tokens; no central IdP servers; defined in OpenID Connect Messages (http://j.mp/self-issued); available to any apps / devices with secure storage, e.g. iOS app with Keychain
  • 4. 1) Launches “openid://?client_id=client://callback&..”: no discovery (static OP config), no client registration (client_id = redirect_uri)
       2) End-user approval
       3) Self-issued ID Token generation: generate RSA key pair on the device (only once); “sub” is automatically calculated from the public key
       4) Back to “client://callback#id_token=...”: no API available, thus no Access Token
       5) ID Token Verification
  • 5. Static OP Config
  • 6. “The sub (subject) Claim value is the base64url encoded SHA-256 hash of the concatenation of the bytes of the UTF-8 representations of the base64url encoded key values in the sub_jwk Claim.” (OpenID Connect Messages draft 18, Section 6.5)
  • 7. JWK - JSON Web Key
  • 8. “sub” calculated from JWK: hash of them
  • 9. Self-Issued ID Token
  • 10. Device-specific key pair → device-specific ID Token
  • 11. No verified emails; no verified profile
  • 12. Holder of Key
  • 13. twitter.com/nov, slideshare.net/matake, github.com/nov
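
Added example (not from the slides or the spec text): computing the “sub” value described on slides 6 to 8 and checking, on the relying-party side, that a token's “sub” is bound to its own sub_jwk. The member order (n then e for RSA; crv, x, y for EC), the function names and the sample key are assumptions; verifying the token signature with the sub_jwk key (step 5 on slide 4) is a separate step not shown here.

```python
import base64
import hashlib
import hmac


def b64url(data: bytes) -> str:
    """base64url without padding, as used in JWTs and JWKs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def self_issued_sub(jwk: dict) -> str:
    """Derive "sub" from the key values in sub_jwk (slide 6 definition).

    Assumption: the values are concatenated as n, e (RSA) or crv, x, y (EC).
    """
    order = {"RSA": ("n", "e"), "EC": ("crv", "x", "y")}.get(jwk.get("kty"))
    if order is None:
        raise ValueError("unsupported kty")
    try:
        material = "".join(jwk[m] for m in order)
    except KeyError as missing:
        raise ValueError(f"sub_jwk lacks member {missing}") from None
    return b64url(hashlib.sha256(material.encode("utf-8")).digest())


def sub_matches_key(claims: dict) -> bool:
    """True only if the token's "sub" is the hash of its own sub_jwk."""
    jwk, sub = claims.get("sub_jwk"), claims.get("sub")
    if not isinstance(jwk, dict) or not isinstance(sub, str):
        return False
    try:
        expected = self_issued_sub(jwk)
    except (ValueError, TypeError):
        return False  # malformed or unsupported key: reject, do not crash
    return hmac.compare_digest(expected, sub)


if __name__ == "__main__":
    # Constructed sample: the modulus is filler bytes, not a usable RSA key.
    jwk = {"kty": "RSA", "e": "AQAB", "n": b64url(bytes(range(1, 129)))}
    claims = {"sub": self_issued_sub(jwk), "sub_jwk": jwk}
    print("bound to key:", sub_matches_key(claims))
    # Same "sub" presented with a different key must be rejected.
    swapped = dict(claims, sub_jwk=dict(jwk, n=b64url(bytes(range(2, 130)))))
    print("swapped key :", sub_matches_key(swapped))
```

Because the identifier is derived from the device key (slide 10), a relying party that skips this comparison would accept any “sub” string alongside any key.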
