OpenID Connect Aggregated and Distributed Claims, @ritou, 2012/11/29, idcon mini Vol.1
内容 仕様 ユースケース 意見交換           idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   2
仕様 Normal Claims    Claims that are directly asserted by the OpenID Provider. Aggregated Claims    Claims that are ass...
idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   4
Aggregated Claimsidcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   5
Distributed Claimsidcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   6
Aggregated Claims OPが別のClaims Providerから受け取ってい                                   OPはJWT形式でUserInfoレスポンスに含む   たClaims    ...
Distributed Claims OPが別のClaims Providerから受け取ってい                                   OPはEndpoint, AccessTokenをUserInfoレスポ  ...
特徴 Aggregated Claims    OPが動的に取得もしくはキャッシュしておく    RPは一度のリソースアクセスで取得可能 Distributed Claims    OPはクレームの値を直接扱わない       OP...
ユースケース : 多段 OpenID Connect         idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   10
ユースケースは他にもありそう 企業内のシステム連携?  人事データ、外部ASPサービス、個人のスケジュールやタスクとの連携           idcon mini Vol.1 - OpenID Connect Aggregated and...
意見交換タイム    idcon mini Vol.1 - OpenID Connect Aggregated and Distributed Claims   12

Material for introducing the topic at idcon mini Vol.1

Transcript of "Open id connect claims idcon mini vol1"

  1. OpenID Connect Aggregated and Distributed Claims, @ritou, 2012/11/29, idcon mini Vol.1
  2. Contents
     - Specification
     - Use cases
     - Discussion
  3. Specification
     - Normal Claims: Claims that are directly asserted by the OpenID Provider.
     - Aggregated Claims: Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned by OpenID Provider.
     - Distributed Claims: Claims that are asserted by a Claims Provider other than the OpenID Provider but are returned as references by the OpenID Provider.
  4. (no text on this slide)
  5. Aggregated Claims
  6. Distributed Claims
  7. Aggregated Claims

     Claims the OP had received from another Claims Provider:

         {
           "address": {
             "street_address": "1234 Hollywood Blvd.",
             "locality": "Los Angeles",
             "region": "CA",
             "postal_code": "90210",
             "country": "US"},
           "phone_number": "+1 (310) 123-4567"
         }

     The OP includes them in the UserInfo response in JWT format:

         {
           "name": "Jane Doe",
           …
           "_claim_names": {
             "address": "src1",
             "phone_number": "src1"
           },
           "_claim_sources": {
             "src1": {"JWT": "jwt_header.jwt_part2.jwt_part3"}
           }
         }
  8. Distributed Claims

     Claims the OP had received from another Claims Provider.

     Example: public information

         {
           "address": {
             "street_address": "1234 Hollywood Blvd.",
             "locality": "Los Angeles",
             "region": "CA",
             "postal_code": "90210",
             "country": "US"}
         }

     Example: non-public information

         {"credit_score": "650"}

     The OP includes the endpoint and access token in the UserInfo response:

         {
           …
           "_claim_names": {
             "address": "src1",
             "credit_score": "src2"
           },
           "_claim_sources": {
             "src1": {"endpoint": "https://addressbook.example.com/claims"},
             "src2": {"endpoint": "https://credit.example.com/claims",
                      "access_token": "ksj3n283dke"}
           }
         }
  9. Characteristics
     - Aggregated Claims
       - The OP fetches them dynamically or keeps them cached
       - The RP can obtain them with a single resource access
     - Distributed Claims
       - The OP does not handle the claim values directly
       - The OP could access them if it wanted to
       - Suitable for handling sensitive information?
       - The RP needs multiple resource accesses
  10. Use case: multi-tier OpenID Connect
  11. There are probably other use cases
     - System integration within an enterprise?
     - Integration with HR data, external ASP services, and personal schedules and tasks
  12. Discussion time
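
An added example (not from the slides or from any OpenID Connect library) of how an RP could resolve the `_claim_names` / `_claim_sources` structures shown on slides 7 and 8: an Aggregated source is a JWT that is verified before use, a Distributed source is fetched from its endpoint, and only the claims named for each source are accepted. Assumptions: the Claims Provider signs with HS256 and a key shared with the RP, and `fetch`, `sign_hs256`, `verify_hs256` and `resolve_claims` are hypothetical names.

```python
import base64, hashlib, hmac, json

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Build a constructed sample JWT (stands in for the Claims Provider)."""
    head = _b64url(json.dumps({"alg": "HS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_hs256(jwt: str, key: bytes) -> dict:
    """Return the JWT claims only if alg is HS256 and the MAC matches."""
    head, body, sig = jwt.split(".")
    if json.loads(_b64url_decode(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _b64url_decode(sig)):
        raise ValueError("bad signature from Claims Provider")
    return json.loads(_b64url_decode(body))

def resolve_claims(userinfo: dict, provider_key: bytes, fetch) -> dict:
    """Merge Normal, Aggregated and Distributed Claims on the RP side.

    fetch(endpoint, access_token) -> dict is supplied by the caller
    (hypothetical hook; a real RP would issue an HTTPS request there).
    """
    names = userinfo.get("_claim_names", {})
    sources = userinfo.get("_claim_sources", {})
    out = {k: v for k, v in userinfo.items() if not k.startswith("_claim_")}
    cache = {}
    for claim, src in names.items():
        if src not in cache:
            ref = sources[src]            # KeyError on a dangling reference
            if "JWT" in ref:              # Aggregated: verify, then read
                cache[src] = verify_hs256(ref["JWT"], provider_key)
            elif ref.get("endpoint", "").startswith("https://"):
                cache[src] = fetch(ref["endpoint"], ref.get("access_token"))
            else:
                raise ValueError(f"unusable claim source {src!r}")
        if claim in cache[src]:           # accept only the claim that was named
            out[claim] = cache[src][claim]
    return out
```

Because only claims listed in `_claim_names` are copied, a Claims Provider cannot overwrite the OP's Normal Claims (for example `name`) by adding extra members to its JWT or endpoint response.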
