Mobile SSO - Enterprise
Sascha Preibisch, Layer7

Similar talk: http://www.slideshare.net/rnewton/xapp-sso-flascellescsa2013

Concept
- Store the ID Token in the "Shared Keychain" (iOS apps only)
- Generate an RSA key pair on the client side (optional)
- Only for apps white-listed by the admin
- "msso" scope marks an SSO-enabled ID Token
Mobile SSO - Device to Browser
George Fletcher, AOL

Similar talk: http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20121231/002768.html

Concept
- "websso" scope
- Down-scope via token refresh
- Pass the ID Token from the native app to the browser and skip the login
Auth @ Google - Next 5 Years
Eric Sachs, Google

Reference: https://docs.google.com/document/d/1r9qnZUehCbtkQR86Wp-sJR2Zu6sHx47queuqmegW2PY

Summary

Past 5 years
- Risk-based 2-factor authentication
- OpenID: no new passwords!
- OAuth: no password sharing!
Smarter Hardware
- Authorize a new device by having an existing device talk to it via a cryptographic protocol
Smarter Hardware
- U2F (Universal Second Factor)
- Open ecosystem of small, robust "keychain devices"
- FIDO Alliance: http://www.fidoalliance.org
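The "existing device talks to the new party via a cryptographic protocol" idea is what U2F does for logins: the keychain device holds one key pair per relying party, signs a fresh server challenge bound to the relying party's app ID, and includes a counter the server checks. The following is an added example, not code from the talk or from the FIDO specifications. It is a simplified model of the U2F registration and authentication exchange in Go with the standard library only; the key-handle construction is a toy, and the signed message omits the user-presence byte and the registration attestation certificate that real U2F carries.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Device models a U2F-style "keychain device": one P-256 key pair per relying
// party, stored under an opaque key handle, plus a signature counter.
type Device struct {
	keys    map[string]*ecdsa.PrivateKey
	counter uint32
}

func NewDevice() *Device { return &Device{keys: map[string]*ecdsa.PrivateKey{}} }

// Register mints a fresh key pair for appID and returns the key handle and
// public key. The handle is just a hash here (assumption; real devices wrap
// or derive the private key from the handle).
func (d *Device) Register(appID string) (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	h := sha256.Sum256(append([]byte(appID), priv.D.Bytes()...))
	handle := fmt.Sprintf("%x", h[:8])
	d.keys[handle] = priv
	return handle, &priv.PublicKey, nil
}

// authMessage binds a signature to the relying party (hash of appID), the
// device counter and the server challenge, as the U2F authentication response does.
func authMessage(appID string, counter uint32, challenge []byte) [32]byte {
	app := sha256.Sum256([]byte(appID))
	ch := sha256.Sum256(challenge)
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	buf := append(append(append([]byte{}, app[:]...), ctr[:]...), ch[:]...)
	return sha256.Sum256(buf)
}

// Sign answers an authentication challenge with the key stored under handle.
func (d *Device) Sign(handle, appID string, challenge []byte) (uint32, []byte, error) {
	priv, ok := d.keys[handle]
	if !ok {
		return 0, nil, errors.New("unknown key handle")
	}
	d.counter++
	msg := authMessage(appID, d.counter, challenge)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, msg[:])
	return d.counter, sig, err
}

// RelyingParty keeps the public key and last-seen counter per enrolled handle.
type RelyingParty struct {
	AppID    string
	pubkeys  map[string]*ecdsa.PublicKey
	counters map[string]uint32
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{AppID: appID, pubkeys: map[string]*ecdsa.PublicKey{}, counters: map[string]uint32{}}
}

func (rp *RelyingParty) Enroll(handle string, pub *ecdsa.PublicKey) { rp.pubkeys[handle] = pub }

// NewChallenge returns 32 random bytes that the device must sign.
func NewChallenge() ([]byte, error) {
	b := make([]byte, 32)
	_, err := rand.Read(b)
	return b, err
}

// Verify checks the signature against the RP's own appID (a signature made for
// another origin fails) and requires the counter to move forward, which rejects
// replays and is the U2F heuristic for detecting a cloned device.
func (rp *RelyingParty) Verify(handle string, challenge []byte, counter uint32, sig []byte) error {
	pub, ok := rp.pubkeys[handle]
	if !ok {
		return errors.New("unregistered key handle")
	}
	msg := authMessage(rp.AppID, counter, challenge)
	if !ecdsa.VerifyASN1(pub, msg[:], sig) {
		return errors.New("bad signature")
	}
	if counter <= rp.counters[handle] {
		return errors.New("counter did not increase: replay or cloned device")
	}
	rp.counters[handle] = counter
	return nil
}

func main() {
	dev, rp := NewDevice(), NewRelyingParty("https://example.com")
	handle, pub, _ := dev.Register(rp.AppID)
	rp.Enroll(handle, pub)
	ch, _ := NewChallenge()
	ctr, sig, _ := dev.Sign(handle, rp.AppID, ch)
	fmt.Println("login:", rp.Verify(handle, ch, ctr, sig), "| replay:", rp.Verify(handle, ch, ctr, sig))
}
```

Because the app ID hash is inside the signed message, a phishing origin cannot forward a response it obtained from the device to the real relying party; and because the relying party never learns a password or a reusable secret, there is nothing on the server to leak.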
OAuth & JOSE @ BlueButton+
Justin Richer, MITRE
(Actual title: "Blue Button and Patient Health Records using OAuth, JOSE")

Reference: http://blue-button.github.io/blue-button-plus-pull/

Concept
- OAuth 2.0 Dynamic Client Registration use case
- "Trusted Registration"
BlueButton
ref) http://www.healthit.gov/patients-families/blue-button/about-blue-button

"Blue Button" is a way for you to get easy, secure online access to your health information. ... America's health care system is rapidly going digital, and health care providers, insurance companies and others are starting to give patients and consumers access to their health information electronically through "Blue Button".
BlueButton+ Pull API
- OAuth2 API for RESTful access to patient data and for bootstrapping DIRECT-based information exchange
ref) http://blue-button.github.io/blue-button-plus-pull/
Client "class" and "instance"
- "class" is registered to the registry
  - Registration method is out of scope (e.g. manual)
  - Establishes a "registration_jwt" as a JWT Bearer token
- "instance" is dynamically registered to the authorization server
  - OAuth 2.0 Dynamic Client Registration
  - The "registration_jwt" token is presented for "Trusted Registration"
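To make the class/instance split concrete: the registry signs a registration_jwt that vouches for a client class, and each running instance presents that token as a Bearer token when it dynamically registers with the authorization server, which then only accepts metadata the class was allowed. The code below is an added example in Go (standard library only), not the BlueButton+ or MITRE implementation. The HS256 signing with a key shared between registry and authorization server, the claim names class_id and redirect_uris, the issuer/audience URLs and the client_id scheme are all assumptions for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Constructed demo values (assumptions): who issues registration_jwt, who consumes it,
// and the HS256 key they share.
const (
	RegistryIssuer = "https://registry.example.org"
	ASAudience     = "https://as.example.org"
)

var registryKey = []byte("constructed-demo-secret-shared-by-registry-and-as")

// RegistrationClaims is the registration_jwt payload. iss/aud/exp/jti are standard
// JWT claims; class_id and redirect_uris are hypothetical names for this example.
type RegistrationClaims struct {
	Issuer       string   `json:"iss"`
	Audience     string   `json:"aud"`
	Expires      int64    `json:"exp"`
	JTI          string   `json:"jti"`
	ClassID      string   `json:"class_id"`
	RedirectURIs []string `json:"redirect_uris"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func sign(key []byte, input string) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return mac.Sum(nil)
}

// IssueRegistrationJWT is the registry's side: it mints the token for a registered class.
func IssueRegistrationJWT(key []byte, c RegistrationClaims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	input := b64(hdr) + "." + b64(body)
	return input + "." + b64(sign(key, input)), nil
}

// VerifyRegistrationJWT is the authorization server's side: pinned alg, signature,
// issuer, audience and expiry are all checked before any claim is trusted.
func VerifyRegistrationJWT(key []byte, token string, now time.Time) (*RegistrationClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	hdrBytes, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err != nil || json.Unmarshal(hdrBytes, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unexpected alg") // also rejects alg=none
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, sign(key, parts[0]+"."+parts[1])) {
		return nil, errors.New("bad signature")
	}
	body, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c RegistrationClaims
	if err != nil || json.Unmarshal(body, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if c.Issuer != RegistryIssuer || c.Audience != ASAudience {
		return nil, errors.New("wrong issuer or audience")
	}
	if now.Unix() >= c.Expires {
		return nil, errors.New("registration_jwt expired")
	}
	return &c, nil
}

// RegistrationRequest is the part of the dynamic registration body used here.
type RegistrationRequest struct {
	RedirectURIs []string `json:"redirect_uris"`
}

// RegisterInstance handles the instance's registration call: the Authorization
// header carries the class's registration_jwt, and the instance may only claim
// redirect URIs the class was registered with. Returns the new client_id.
func RegisterInstance(key []byte, authorization string, req RegistrationRequest, now time.Time) (string, error) {
	const prefix = "Bearer "
	if !strings.HasPrefix(authorization, prefix) {
		return "", errors.New("missing registration_jwt bearer token")
	}
	claims, err := VerifyRegistrationJWT(key, strings.TrimPrefix(authorization, prefix), now)
	if err != nil {
		return "", err
	}
	for _, u := range req.RedirectURIs {
		if !contains(claims.RedirectURIs, u) {
			return "", fmt.Errorf("redirect_uri %q not allowed for class %s", u, claims.ClassID)
		}
	}
	var suffix [8]byte
	if _, err := rand.Read(suffix[:]); err != nil {
		return "", err
	}
	// Toy client_id scheme (assumption): class id plus a random per-instance suffix.
	return claims.ClassID + "-" + hex.EncodeToString(suffix[:]), nil
}

func contains(xs []string, s string) bool {
	for _, x := range xs {
		if x == s {
			return true
		}
	}
	return false
}
```

The check that matters for "trusted" registration is the redirect_uri whitelist: the token proves the instance belongs to a vetted class, so the authorization server refuses to let an instance register a callback the class never declared, which is what keeps a stolen registration_jwt from being turned into a code-interception client.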