
Authentication

Published in: Technology, Business

  1. Authentication: Who uses OAuth Authentication?
  2. Type of Authentication. Authentication ≒ Login
     ● Username / Password
     ● Claim-Based Authentication
       ○ OpenID Connect, SAML, WS-Fed, OAuth 2.0
  3. Claim Based Authentication (diagram). Players: Mr. Yamada (User), Web Service (RP/SP), ID Management Service (OP/IdP), Database.
  4. Claim Based Authentication (diagram). Players as above. Yamada's claim: Name: Taro Yamada, Mail: yam@hde.com, Age: 19. Web Service: "Hello Mr. Yamada!!" (steps ① ②)
  5. Claim Based Authentication (diagram). Players as above. Access Control. User: "Beer Please!" Web Service: "No. You are 19. Too young!"
  6. Claim Based Authentication. Claims should be:
     ● Reliable
       ○ Not been modified
     ● Passed securely
       ○ From ID Management Server to Web Service
       ○ via User maybe.
  7. Bad Example
  8. OAuth Authentication (diagram). Players: Mr. Arakaki, Bank of Samura, ID Management Service, API Server, Database. Labels: Access token; "Who is it?"; "It's Arakaki"; "Hello Arakaki!" (steps ① ② ③ ④)
  9. Looks good?
  10. OAuth Authentication (diagram). Players: Mr. Samura, Music Store, ID Management Service, API Server, Database. Labels: "Modify!"; Arakaki's Access token; "Who is it?"; "It's Arakaki"; "Hello Arakaki!" (steps ① ② ③ ④)
  11. Use OpenID Connect. Web service can verify access token (or code).
  12. OAuth → OpenID Connect (diagram). Players: Mr. Samura, Music Store, ID Management Service, API Server, Database. Labels: Access token; ID token (JWT); "Verification Failed! It's a fake!"; "Modify!"; Arakaki's ID token (step ①)
  13. Use OpenID Connect. OAuth 2.0 is not an Authentication protocol. Use OpenID Connect for Authentication. It's not a big change but pretty safe.
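
Added example, not from the slides: the checks a web service (RP) runs on an ID token so that slide 12 ends in "Verification Failed!", covering signature, `iss`, `aud`, `exp` and the `at_hash` binding to the access token. The key, issuer URL, client ids and token strings are constructed, the function names are hypothetical, and HS256 with one demo key stands in for the OP's signature (OPs commonly sign ID tokens with RS256).

```python
import base64, hashlib, hmac, json, time

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def at_hash(access_token: str) -> str:
    # OIDC Core: base64url of the left half of SHA-256(access_token) for *S256 algs.
    return b64u(hashlib.sha256(access_token.encode("ascii")).digest()[:16])

def sign_id_token(claims: dict, key: bytes) -> str:
    # Stand-in for the OP/IdP; only used to build the constructed samples.
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def verify_login(id_token, access_token, key, issuer, client_id, now=None):
    """Return the subject if both tokens were issued to this client, else raise ValueError."""
    head, body, sig = id_token.split(".")          # wrong shape raises ValueError
    header, claims = json.loads(b64u_dec(head)), json.loads(b64u_dec(body))
    if header.get("alg") != "HS256":               # pin the algorithm locally
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")          # claims were modified
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued to another client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    bound = str(claims.get("at_hash", "")).encode()
    if not hmac.compare_digest(bound, at_hash(access_token).encode()):
        raise ValueError("access token not bound to this ID token")
    return claims["sub"]

# Constructed sample data: one OP, two clients ("bank" and "music-store").
KEY, ISS, NOW = b"demo-op-key", "https://idp.example", 1_700_000_000

def issue(client_id, sub, access_token):
    return sign_id_token({"iss": ISS, "aud": client_id, "sub": sub,
                          "exp": NOW + 300, "at_hash": at_hash(access_token)}, KEY)
```

With plain OAuth 2.0 the web service has none of these fields to check, which is why the swapped access token in slide 10 is accepted.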
