SlideShare a Scribd company logo

OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update

M
MikeLeszcz

OpenID Connect Working Group update presented by Dr. Michael B. Jones (Microsoft) at the OIDF Workshop at EIC 2018 on May 15, 2018 in Munich.

Technology
1 of 17
Download to read offline
OpenID Connect Working Group May 15, 2018 Dr. Michael B. Jones Identity Standards Architect – Microsoft
Working Together OpenID Connect
What is OpenID Connect? • Simple identity layer on top of OAuth 2.0 • Enables RPs to verify identity of end-user • Enables RPs to obtain basic profile info • REST/JSON interfaces → low barrier to entry • Described at http://openid.net/connect/
You’re Probably Already Using OpenID Connect! • If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect – Many other sites and apps large and small also use OpenID Connect
OpenID Connect Range • Spans use cases, scenarios – Internet, Enterprise, Mobile, Cloud • Spans security & privacy requirements – From non-sensitive information to highly secure • Spans sophistication of claims usage – From basic default claims to specific requested claims to collecting claims from multiple sources • Maximizes simplicity of implementations – Uses existing IETF specs: OAuth 2.0, JWT, etc. – Lets you build only the pieces you need
Numerous Awards • OpenID Connect won 2012 European Identity Award for Best Innovation/New Standard – http://openid.net/2012/04/18/openid-connect- wins-2012-european-identity-and-cloud-award/ • OAuth 2.0 won in 2013 • JSON Web Token (JWT) & JOSE won in 2014 • OpenID Certification program won 2018 Identity Innovation Award – http://openid.net/2018/03/29/openid-certification- program-wins-2018-identity-innovation-award/
Original Overview of Specifications
OAuth 2.0 Form Post Response Mode (additional Final Specification) • Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values auto-submitted by the User Agent using HTTP POST • A “form post” binding, like SAML and WS-Federation – An alternative to fragment encoding • http://openid.net/specs/oauth-v2-form-post-response-mode- 1_0.html • Completed April 2015 • In production use by Microsoft, Ping Identity
OpenID 2.0 to OpenID Connect Migration (additional Final Specification) • Defines how to migrate from OpenID 2.0 to OpenID Connect – Has OpenID Connect identity provider also return OpenID 2.0 identifier, enabling account migration • http://openid.net/specs/openid-connect-migration-1_0.html • Completed April 2015 • Google shut down OpenID 2.0 support in April 2015 • Yahoo, AOL, others also plan to replace OpenID 2.0 with OpenID Connect
Current Work • Federation Specification • Session Management / Logout • Second Errata Set • Current Related Work • OpenID Connect Certification
Session Management / Logout (work in progress) • Three approaches being pursued by the working group: – Session Management • http://openid.net/specs/openid-connect-session-1_0.html • Uses HTML5 postMessage to communicate state change messages between OP and RP iframes – Front-Channel Logout • http://openid.net/specs/openid-connect-frontchannel-1_0.html • Uses HTTP GET to load image or iframe, triggering logout (similar to SAML, WS-Federation) – Back-Channel Logout • http://openid.net/specs/openid-connect-backchannel-1_0.html • Server-to-communication not using the browser • Can be used by native applications, which have no active browser • Unfortunately, no one approach best for all use cases – Can be used separately or in combination • Became Implementer’s Drafts in March 2017 – Recent decision made that it’s time for them to become Final Specifications
Federation Specification (work in progress) • Roland Hedberg created OpenID Connect Federation specification – http://openid.net/specs/openid-connect-federation-1_0.html • Enables establishment and maintenance of multi-party federations using OpenID Connect • Defines hierarchical JSON-based metadata structures for federation participants • Prototype implementations being interop tested w/ each other • Recent decision to progress it to an Implementer’s Draft
Second Errata Set (work in progress) • Errata process corrects typos, etc. discovered – Makes no normative changes • Edits under way for second errata set • See http://openid.net/specs/openid-connect-core-1_0-23.html for current Core errata draft • Waiting for OAuth AS metadata spec draft-ietf-oauth-discovery to be final – So we can register OpenID Discovery metadata values – Now in the hands of the RFC Editor • Expect to see request for review of errata changes shortly
Current Related Work • International Government Profile (iGov) Working Group – Developing OpenID Connect profile for government & high-value commercial applications • Enhanced Authentication Profile (EAP) Working Group – Enables Token Bound ID Tokens – Enables integration with FIDO and other phishing-resistant authentication solutions
OpenID Certification • OpenID Certification enables OpenID Connect implementations to be certified as meeting requirements of defined conformance profiles • Now OP and RP certification profiles for: – Basic OP and Basic RP – Implicit OP and Implicit RP – Hybrid OP and Hybrid RP – OP Publishing and RP Using Configuration Information – Dynamic OP and Dynamic RP • See http://openid.net/certification/ – And accompanying certification presentation!
Open Conversation • How are you using OpenID Connect? • What would you like the working group to know and do?
OpenID Connect Resources • OpenID Connect – http://openid.net/connect/ • Frequently Asked Questions – http://openid.net/connect/faq/ • Working Group Mailing List – http://lists.openid.net/mailman/listinfo/openid-specs-ab • OpenID Certification Program – http://openid.net/certification/ • Certified OpenID Connect Implementations Featured for Developers – http://openid.net/developers/certified/ • Mike Jones’ Blog – http://self-issued.info/ • Nat Sakimura’s Blog – http://nat.sakimura.org/ • John Bradley’s Blog – http://www.thread-safe.com/

Recommended

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OpenIDFoundation
 
OpenID Foundation FastFed Working Group Update - 2017-10-16
OpenID Foundation FastFed Working Group Update - 2017-10-16OpenID Foundation FastFed Working Group Update - 2017-10-16
OpenID Foundation FastFed Working Group Update - 2017-10-16
MikeLeszcz
 
OIDF Workshop 4/29/2019 -- OpenID Certification Update
OIDF Workshop 4/29/2019 -- OpenID Certification UpdateOIDF Workshop 4/29/2019 -- OpenID Certification Update
OIDF Workshop 4/29/2019 -- OpenID Certification Update
OpenIDFoundation
 
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
MikeLeszcz
 
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateOpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
MikeLeszcz
 
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OpenIDFoundation
 

Recommended

OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- OpenID Cer...
OpenIDFoundation
 
OpenID Foundation FastFed Working Group Update - 2017-10-16
OpenID Foundation FastFed Working Group Update - 2017-10-16OpenID Foundation FastFed Working Group Update - 2017-10-16
OpenID Foundation FastFed Working Group Update - 2017-10-16
MikeLeszcz
 
OIDF Workshop 4/29/2019 -- OpenID Certification Update
OIDF Workshop 4/29/2019 -- OpenID Certification UpdateOIDF Workshop 4/29/2019 -- OpenID Certification Update
OIDF Workshop 4/29/2019 -- OpenID Certification Update
OpenIDFoundation
 
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification UpdateOpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
OpenID Foundation Workshop at EIC 2018 - OpenID Certification Update
MikeLeszcz
 
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group UpdateOpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
OpenID Foundation Workshop at EIC 2018 - MODRNA Working Group Update
MikeLeszcz
 
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018OpenID Foundation Connect Working Group Update - October 22, 2018
OpenID Foundation Connect Working Group Update - October 22, 2018
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Continuous Access Evaluation P...
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Certification Program U...
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OpenIDFoundation
 
OpenID Certification Program Update - 2017-10-16
OpenID Certification Program Update - 2017-10-16OpenID Certification Program Update - 2017-10-16
OpenID Certification Program Update - 2017-10-16
MikeLeszcz
 
OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02
MikeLeszcz
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OpenIDFoundation
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
Bjorn Hjelm
 
OpenID Foundation RISC WG Update - 2018-04-02
OpenID Foundation RISC WG Update - 2018-04-02OpenID Foundation RISC WG Update - 2018-04-02
OpenID Foundation RISC WG Update - 2018-04-02
MikeLeszcz
 
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License PresentantionOpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
MikeLeszcz
 
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OpenIDFoundation
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
OpenIDFoundation
 
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
OpenIDFoundation
 
Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
WSO2
 
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian JaffeCIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CloudIDSummit
 
MODRNA WG Update - April 2021
MODRNA WG Update - April 2021MODRNA WG Update - April 2021
MODRNA WG Update - April 2021
Bjorn Hjelm
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
WSO2
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
kanimozhin
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
Tamim Khan
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...
Hitachi, Ltd. OSS Solution Center.
 
Testing IoT Apps with the Cloud
Testing IoT Apps with the CloudTesting IoT Apps with the Cloud
Testing IoT Apps with the Cloud
Josiah Renaudin
 
Implementing security and availability requirements for banking API system us...
Implementing security and availability requirements for banking API system us...Implementing security and availability requirements for banking API system us...
Implementing security and availability requirements for banking API system us...
Hitachi, Ltd. OSS Solution Center.
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OpenIDFoundation
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
OpenIDFoundation
 

More Related Content

What's hot

Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
WSO2
 
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian JaffeCIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CloudIDSummit
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
WSO2
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
Tamim Khan
 
Testing IoT Apps with the Cloud
Testing IoT Apps with the CloudTesting IoT Apps with the Cloud
Testing IoT Apps with the Cloud
Josiah Renaudin
 

What's hot (20)

OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- FastFed Working Group Update
 
OpenID Certification Program Update - 2017-10-16
OpenID Certification Program Update - 2017-10-16OpenID Certification Program Update - 2017-10-16
OpenID Certification Program Update - 2017-10-16
 
OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02OpenID Certification Program Update - 2018-04-02
OpenID Certification Program Update - 2018-04-02
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation UpdateOIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update
 
OpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG UpdateOpenID Foundation MODRNA WG Update
OpenID Foundation MODRNA WG Update
 
OpenID Foundation RISC WG Update - 2018-04-02
OpenID Foundation RISC WG Update - 2018-04-02OpenID Foundation RISC WG Update - 2018-04-02
OpenID Foundation RISC WG Update - 2018-04-02
 
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License PresentantionOpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
OpenID Foundation Workshop at EIC 2018 - Mobile Driver's License Presentantion
 
OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018OpenID Foundation iGov Working Group Update - October 22, 2018
OpenID Foundation iGov Working Group Update - October 22, 2018
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
OIDF Workshop at Verizon Media -- 9/30/2019 -- Browser Changes Impacting Iden...
 
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect for Identity As...
 
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
OIDF Workshop at European Identity Conference 2019 -- 5/14/2019 -- FAPI Certi...
 
Enterprise Security Requirements
Enterprise Security RequirementsEnterprise Security Requirements
Enterprise Security Requirements
 
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian JaffeCIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe
 
MODRNA WG Update - April 2021
MODRNA WG Update - April 2021MODRNA WG Update - April 2021
MODRNA WG Update - April 2021
 
API Security In Cloud Native Era
API Security In Cloud Native EraAPI Security In Cloud Native Era
API Security In Cloud Native Era
 
Security architecture best practices for saas applications
Security architecture best practices for saas applicationsSecurity architecture best practices for saas applications
Security architecture best practices for saas applications
 
Presentation- on OIM
Presentation- on OIMPresentation- on OIM
Presentation- on OIM
 
APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...APIdays London 2020: Toward certifying Financial-grade API security profile w...
APIdays London 2020: Toward certifying Financial-grade API security profile w...
 
Testing IoT Apps with the Cloud
Testing IoT Apps with the CloudTesting IoT Apps with the Cloud
Testing IoT Apps with the Cloud
 
Implementing security and availability requirements for banking API system us...
Implementing security and availability requirements for banking API system us...Implementing security and availability requirements for banking API system us...
Implementing security and availability requirements for banking API system us...
 

Similar to OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update

Spec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPalSpec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPal
Ashish Jain
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Open Mobile Alliance
 

Similar to OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update (20)

OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Working Group U...
 
OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018OpenID Connect "101" Introduction -- October 23, 2018
OpenID Connect "101" Introduction -- October 23, 2018
 
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They KeyOAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
OAuth2 for IoT Security: Why OpenID Connect & UMA Are They Key
 
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
Enabling Large-Scale Multi-Party Federations with OpenID Connect - OpenID Sum...
 
Spec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPalSpec Update - OpenID Retail Summit at PayPal
Spec Update - OpenID Retail Summit at PayPal
 
IBM Connect2014 JMP106
IBM Connect2014 JMP106IBM Connect2014 JMP106
IBM Connect2014 JMP106
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An Overview
 
Implementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with SpringImplementing Microservices Security Patterns & Protocols with Spring
Implementing Microservices Security Patterns & Protocols with Spring
 
Identity mediation for enterprise identity bus
Identity mediation for enterprise identity busIdentity mediation for enterprise identity bus
Identity mediation for enterprise identity bus
 
OpenId Connect Protocol
OpenId Connect ProtocolOpenId Connect Protocol
OpenId Connect Protocol
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIs
 
Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1Webinar: OpenIDM 3.1
Webinar: OpenIDM 3.1
 
Smart Device Link Integration into Linux systems by Jeremiah Foster
Smart Device Link Integration into Linux systems by Jeremiah FosterSmart Device Link Integration into Linux systems by Jeremiah Foster
Smart Device Link Integration into Linux systems by Jeremiah Foster
 
Implementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 PresentationImplementing MITREid - CIS 2014 Presentation
Implementing MITREid - CIS 2014 Presentation
 
EduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and ImplementationEduID Mobile App - Use-Cases, Concepts and Implementation
EduID Mobile App - Use-Cases, Concepts and Implementation
 
Open Standards in Identity Management
Open Standards in Identity ManagementOpen Standards in Identity Management
Open Standards in Identity Management
 
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
Enabling IoT Devices’ Hardware and Software Interoperability, IPSO Alliance (...
 
Maker of Things - the open IoT cloud for makers chapter.
Maker of Things - the open IoT cloud for makers chapter.Maker of Things - the open IoT cloud for makers chapter.
Maker of Things - the open IoT cloud for makers chapter.
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise Solutions
 
Design Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise SolutionsDesign Like a Pro: Planning Enterprise Solutions
Design Like a Pro: Planning Enterprise Solutions
 

More from MikeLeszcz

More from MikeLeszcz (9)

OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...
OpenID Foundation Workshop at EIC 2018 - Introduction to the FAPI Read & Writ...
 
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
OpenID Foundation Workshop at EIC 2018 - OpenID Enhanced Authentication Profi...
 
OpenID Foundation Workshop at EIC 2018 - HEART Working Group Update
OpenID Foundation Workshop at EIC 2018 - HEART Working Group UpdateOpenID Foundation Workshop at EIC 2018 - HEART Working Group Update
OpenID Foundation Workshop at EIC 2018 - HEART Working Group Update
 
CIBA Profile Overview - OpenID Foundation/Open Banking Workshop - March 21, 2018
CIBA Profile Overview - OpenID Foundation/Open Banking Workshop - March 21, 2018CIBA Profile Overview - OpenID Foundation/Open Banking Workshop - March 21, 2018
CIBA Profile Overview - OpenID Foundation/Open Banking Workshop - March 21, 2018
 
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
OpenID Foundation's Risk Incident and Sharing Communication (RISC) Work Group...
 
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation OverviewOpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
OpenID Foundation/Open Banking Workshop - OpenID Foundation Overview
 
OpenID Foundation/Open Banking Workshop - Open Banking Update
OpenID Foundation/Open Banking Workshop - Open Banking UpdateOpenID Foundation/Open Banking Workshop - Open Banking Update
OpenID Foundation/Open Banking Workshop - Open Banking Update
 
Banking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking UpdateBanking is Now More Open: Open Banking Update
Banking is Now More Open: Open Banking Update
 
OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16OpenID Foundation RISC WG Update - 2017-10-16
OpenID Foundation RISC WG Update - 2017-10-16
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

OpenID Foundation Workshop at EIC 2018 - OpenID Connect Working Group Update

  • 1. OpenID Connect Working Group May 15, 2018 Dr. Michael B. Jones Identity Standards Architect – Microsoft
  • 3. What is OpenID Connect? • Simple identity layer on top of OAuth 2.0 • Enables RPs to verify identity of end-user • Enables RPs to obtain basic profile info • REST/JSON interfaces → low barrier to entry • Described at http://openid.net/connect/
  • 4. You’re Probably Already Using OpenID Connect! • If you have an Android phone or log in at AOL, Deutsche Telekom, Google, Microsoft, NEC, NTT, Salesforce, Softbank, Symantec, Verizon, or Yahoo! Japan, you’re already using OpenID Connect – Many other sites and apps large and small also use OpenID Connect
  • 5. OpenID Connect Range • Spans use cases, scenarios – Internet, Enterprise, Mobile, Cloud • Spans security & privacy requirements – From non-sensitive information to highly secure • Spans sophistication of claims usage – From basic default claims to specific requested claims to collecting claims from multiple sources • Maximizes simplicity of implementations – Uses existing IETF specs: OAuth 2.0, JWT, etc. – Lets you build only the pieces you need
  • 6. Numerous Awards • OpenID Connect won 2012 European Identity Award for Best Innovation/New Standard – http://openid.net/2012/04/18/openid-connect- wins-2012-european-identity-and-cloud-award/ • OAuth 2.0 won in 2013 • JSON Web Token (JWT) & JOSE won in 2014 • OpenID Certification program won 2018 Identity Innovation Award – http://openid.net/2018/03/29/openid-certification- program-wins-2018-identity-innovation-award/
  • 7. Original Overview of Specifications
  • 8. OAuth 2.0 Form Post Response Mode (additional Final Specification) • Defines how to return OAuth 2.0 Authorization Response parameters (including OpenID Connect Authentication Response parameters) using HTML form values auto-submitted by the User Agent using HTTP POST • A “form post” binding, like SAML and WS-Federation – An alternative to fragment encoding • http://openid.net/specs/oauth-v2-form-post-response-mode- 1_0.html • Completed April 2015 • In production use by Microsoft, Ping Identity
  • 9. OpenID 2.0 to OpenID Connect Migration (additional Final Specification) • Defines how to migrate from OpenID 2.0 to OpenID Connect – Has OpenID Connect identity provider also return OpenID 2.0 identifier, enabling account migration • http://openid.net/specs/openid-connect-migration-1_0.html • Completed April 2015 • Google shut down OpenID 2.0 support in April 2015 • Yahoo, AOL, others also plan to replace OpenID 2.0 with OpenID Connect
  • 10. Current Work • Federation Specification • Session Management / Logout • Second Errata Set • Current Related Work • OpenID Connect Certification
  • 11. Session Management / Logout (work in progress) • Three approaches being pursued by the working group: – Session Management • http://openid.net/specs/openid-connect-session-1_0.html • Uses HTML5 postMessage to communicate state change messages between OP and RP iframes – Front-Channel Logout • http://openid.net/specs/openid-connect-frontchannel-1_0.html • Uses HTTP GET to load image or iframe, triggering logout (similar to SAML, WS-Federation) – Back-Channel Logout • http://openid.net/specs/openid-connect-backchannel-1_0.html • Server-to-communication not using the browser • Can be used by native applications, which have no active browser • Unfortunately, no one approach best for all use cases – Can be used separately or in combination • Became Implementer’s Drafts in March 2017 – Recent decision made that it’s time for them to become Final Specifications
  • 12. Federation Specification (work in progress) • Roland Hedberg created OpenID Connect Federation specification – http://openid.net/specs/openid-connect-federation-1_0.html • Enables establishment and maintenance of multi-party federations using OpenID Connect • Defines hierarchical JSON-based metadata structures for federation participants • Prototype implementations being interop tested w/ each other • Recent decision to progress it to an Implementer’s Draft
  • 13. Second Errata Set (work in progress) • Errata process corrects typos, etc. discovered – Makes no normative changes • Edits under way for second errata set • See http://openid.net/specs/openid-connect-core-1_0-23.html for current Core errata draft • Waiting for OAuth AS metadata spec draft-ietf-oauth-discovery to be final – So we can register OpenID Discovery metadata values – Now in the hands of the RFC Editor • Expect to see request for review of errata changes shortly
  • 14. Current Related Work • International Government Profile (iGov) Working Group – Developing OpenID Connect profile for government & high-value commercial applications • Enhanced Authentication Profile (EAP) Working Group – Enables Token Bound ID Tokens – Enables integration with FIDO and other phishing-resistant authentication solutions
  • 15. OpenID Certification • OpenID Certification enables OpenID Connect implementations to be certified as meeting requirements of defined conformance profiles • Now OP and RP certification profiles for: – Basic OP and Basic RP – Implicit OP and Implicit RP – Hybrid OP and Hybrid RP – OP Publishing and RP Using Configuration Information – Dynamic OP and Dynamic RP • See http://openid.net/certification/ – And accompanying certification presentation!
  • 16. Open Conversation • How are you using OpenID Connect? • What would you like the working group to know and do?
  • 17. OpenID Connect Resources • OpenID Connect – http://openid.net/connect/ • Frequently Asked Questions – http://openid.net/connect/faq/ • Working Group Mailing List – http://lists.openid.net/mailman/listinfo/openid-specs-ab • OpenID Certification Program – http://openid.net/certification/ • Certified OpenID Connect Implementations Featured for Developers – http://openid.net/developers/certified/ • Mike Jones’ Blog – http://self-issued.info/ • Nat Sakimura’s Blog – http://nat.sakimura.org/ • John Bradley’s Blog – http://www.thread-safe.com/